cancel
Showing results for 
Search instead for 
Did you mean: 
Gal_Goldshtein
F5 Employee
F5 Employee

Last week, Oracle has released an out of cycle security advisory (CVE-2017-10151) for a vulnerability which affects Oracle identity manager. The vulnerability allows attackers to access Oracle Identity Manager using a built-in account (OIMINTERNAL) which has its default password set to a single space character.

This highly privileged account allows attackers to completely compromise Oracle Identity Manager.

Mitigation with attack signatures

ASM users are encouraged to configure the following user defined attack signature to detect exploitation attempts of this vulnerability:

 

valuecontent:"pt1:_pt_it2"; nocase; norm; re2:"/pt1:_pt_it2\W*?=\s$/Vi"; norm;

 

This signature is due to be included in the next ASU, which is planned to be released in mid-November.

Comments
MSZ
Nimbostratus
Nimbostratus

Please share the step by step details to create the customized signature.

 

Version history
Last update:
‎02-Nov-2017 14:14
Updated by:
Contributors