Help
Technical Articles
F5 SMEs share good practice.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Oracle Identity Manager Remote Hijack Vulnerability (CVE-2017-10151)

Gal_Goldshtein
F5 Employee
F5 Employee

on ‎02-Nov-2017 14:14

Last week, Oracle has released an out of cycle security advisory (CVE-2017-10151) for a vulnerability which affects Oracle identity manager. The vulnerability allows attackers to access Oracle Identity Manager using a built-in account (OIMINTERNAL) which has its default password set to a single space character.

This highly privileged account allows attackers to completely compromise Oracle Identity Manager.

Mitigation with attack signatures

ASM users are encouraged to configure the following user defined attack signature to detect exploitation attempts of this vulnerability:

 

valuecontent:"pt1:_pt_it2"; nocase; norm; re2:"/pt1:_pt_it2\W*?=\s$/Vi"; norm;

 

This signature is due to be included in the next ASU, which is planned to be released in mid-November.

Labels:
0 Kudos
Comments
MSZ
Nimbostratus
Nimbostratus
‎06-Nov-2017 21:25

Please share the step by step details to create the customized signature.

 

0 Kudos
Version history
Last update:
‎02-Nov-2017 14:14
Updated by:
F5 Employee
Contributors
Copyright © 2023 Khoros, LLC