Oracle Identity Manager Remote Hijack Vulnerability (CVE-2017-10151)

Last week, Oracle released an out-of-cycle security advisory (CVE-2017-10151) for a vulnerability that affects Oracle Identity Manager. The vulnerability allows attackers to access Oracle Identity Manager using a built-in account (OIMINTERNAL) whose default password is set to a single space character.

This highly privileged account allows attackers to completely compromise Oracle Identity Manager.

Mitigation with attack signatures

ASM users are encouraged to configure the following user-defined attack signature to detect attempts to exploit this vulnerability:

valuecontent:"pt1:_pt_it2"; nocase; norm; re2:"/pt1:_pt_it2\W*?=\s$/Vi"; norm;

 

This signature is due to be included in the next ASU, which is planned to be released in mid-November.
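The following Python sketch is an added example, not part of the original article and not F5 code: it applies the signature's regular expression to captured form bodies so the pattern can be checked against matching and non-matching input before or alongside deployment. Percent-decoding each name=value pair is an assumption standing in for ASM's norm handling, and the sample records and the field name other_field are constructed.

```python
import re
from urllib.parse import unquote_plus

# Python rendering of the signature's re2 expression. The "V" scope modifier and
# the "norm" keyword are ASM features; the decoding below is an assumed stand-in.
SIG_RE = re.compile(r"pt1:_pt_it2\W*?=\s$", re.IGNORECASE)

def matching_pairs(body):
    """Return the decoded name=value pairs in a form body that the pattern matches."""
    hits = []
    for raw_pair in body.split("&"):
        pair = unquote_plus(raw_pair)  # "%20" and "+" both decode to a space
        if SIG_RE.search(pair):
            hits.append(pair)
    return hits

def flag_records(records):
    """Return (timestamp, client) for every record whose body matches."""
    return [(ts, client) for ts, client, body in records if matching_pairs(body)]

# Constructed sample records (timestamp, client, POST body); not real traffic.
# "other_field" is a placeholder, not an actual Oracle Identity Manager field.
SAMPLE = [
    # Ordinary value: no match expected.
    ("2017-11-02T10:00:01Z", "192.0.2.10", "other_field=a&pt1:_pt_it2=Winter2017"),
    # Percent-encoded name and a single encoded space: match expected.
    ("2017-11-02T10:00:05Z", "198.51.100.7", "other_field=a&pt1%3A_pt_it2=%20"),
    # Upper-case name and "+" as the space: match expected (case-insensitive).
    ("2017-11-02T10:00:09Z", "198.51.100.7", "other_field=a&PT1:_PT_IT2=+"),
    # Two spaces: the pattern requires exactly one whitespace character.
    ("2017-11-02T10:00:12Z", "192.0.2.11", "other_field=a&pt1:_pt_it2=%20%20"),
    # Field is not last in the body: pairs are evaluated one at a time.
    ("2017-11-02T10:00:15Z", "192.0.2.12", "pt1:_pt_it2=+&other_field=a"),
]

if __name__ == "__main__":
    for ts, client in flag_records(SAMPLE):
        print(ts, client)
```
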

Published Nov 02, 2017
Version 1.0
