{"id":7605,"date":"2020-09-03T04:10:21","date_gmt":"2020-09-03T11:10:21","guid":{"rendered":"https:\/\/webdev.securin.xyz\/?p=7605"},"modified":"2023-04-05T12:43:07","modified_gmt":"2023-04-05T19:43:07","slug":"how-to-detect-the-vulnerability-cve-2020-14723","status":"publish","type":"post","link":"https:\/\/10.42.32.162\/articles\/how-to-detect-the-vulnerability-cve-2020-14723\/","title":{"rendered":"How to Detect the Vulnerability CVE-2020-14723?"},"content":{"rendered":"
<p>A new zero-day vulnerability, CVE-2020-14723, was discovered by <strong>Cyber Security Works<\/strong> in Oracle Help Technologies, in the Web UIX component. CVE-2020-14723 has a base score of 5.8 and an exploitability score of 8.6 on the CVSSv2 severity scale. This vulnerability was discovered in our research lab on January 11, 2020, and we found that it has affected geographic locations such as the United States, Ireland, Germany, Netherlands, and Brazil.<\/p>\n
<p>You can use the following script to detect this vulnerability –<\/p>\n
<p>Python 2.7+ Required<br \/>Multi OS support<\/p>\n
<h2><strong>Vulnerability Detection<\/strong><\/h2>\n
<p>CVE-2020-14723 was detected using an IAST tool to capture the <strong><em>Request<\/em><\/strong>, which showed that a simple payload is reflected in the Response.<\/p>\n
<h2><strong>Disclosure<\/strong><\/h2>\n
<p>The vulnerability was disclosed to Oracle in January 2020. The vendor responded and released a patch in June 2020 to mitigate this vulnerability.<\/p>\n
<h2><b>Timeline<\/b><\/h2>\n
<table>\n<tbody>\n
<tr>\n<td><b>Date<\/b><\/td>\n<td><b>Description<\/b><\/td>\n<\/tr>\n
<tr>\n<td>Jan 11, 2020<\/td>\n<td>Discovered in our research lab<\/td>\n<\/tr>\n
<tr>\n<td>Jan 12, 2020<\/td>\n<td>Reported to Oracle<\/td>\n<\/tr>\n
<tr>\n<td>Jun 23, 2020<\/td>\n<td>Oracle notified us that the issue was addressed in the main code line and scheduled for a future Critical Patch Update (CPU) release.<\/td>\n<\/tr>\n
<tr>\n<td>Jul 14, 2020<\/td>\n<td>The date of public disclosure<\/td>\n<\/tr>\n
<tr>\n<td>Jul 15, 2020<\/td>\n<td>Published in NVD<\/td>\n<\/tr>\n
<tr>\n<td>Jul 20, 2020<\/td>\n<td>Last modified on NVD<\/td>\n<\/tr>\n
<\/tbody>\n<\/table>\n
<h2><strong>Incident Analysis<\/strong><\/h2>\n
<p>CVE-2020-14723 allows an unauthenticated user to insert malicious JavaScript on the help page. Whenever a user clicks the <b><i>Print<\/i><\/b> page option, the script is executed in the context of that user\u2019s browser.<\/p>\n
<table>\n<tbody>\n
<tr>\n<td><strong>Vendor<\/strong><\/td>\n<td><strong>Product<\/strong><\/td>\n<td><strong>Versions<\/strong><\/td>\n<\/tr>\n
<tr>\n<td>Oracle<\/td>\n<td>Help Technologies<\/td>\n<td>11.1.1.9.0, 12.2.1.3.0<\/td>\n<\/tr>\n
<\/tbody>\n<\/table>\n
<h2><strong>Vulnerability Analysis<\/strong><\/h2>\n
<p>CVE-2020-14723 is a vulnerability in the Oracle Help Technologies product of Oracle Fusion Middleware (component: Web UIX). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0.<\/p>\n
<h2><strong>Proof of Concept<\/strong><\/h2>\n
<table>\n<tbody>\n
<tr>\n<td>Product<\/td>\n<td>Oracle Web Content Management<\/td>\n<\/tr>\n
<tr>\n<td>Product Version<\/td>\n<td>12.2.1.3.0<\/td>\n<\/tr>\n
<tr>\n<td><b>Privilege<\/b><\/td>\n<td>Any user who has access to the <b><i>Help<\/i><\/b> Page<\/td>\n<\/tr>\n
<tr>\n<td>Request Type<\/td>\n<td>GET<\/td>\n<\/tr>\n
<tr>\n<td><strong>Vulnerable URL<\/strong><\/td>\n<td>http:\/\/localhost\/_ocsh\/help\/state?navSetId=help_for_translation_dc_template_editor_en_dcted_html_l10n_dcted_hlpbk&navId=0&locale=en844&destination=<\/td>\n<\/tr>\n
<tr>\n<td><b>Vulnerable Parameter<\/b><\/td>\n<td>locale<\/td>\n<\/tr>\n
<\/tbody>\n<\/table>\n
<h2><strong>Steps to Reproduce<\/strong>:<\/h2>\n
<p><strong>Step 1<\/strong>: Click on the <strong><em>Help<\/em><\/strong> docs page in the Oracle Web content.<\/p>\n
<p><strong>Step 2<\/strong>: Navigate to any of the help topics shown below and intercept using the proxy tool (Burp).<\/p>\n
<p><strong>Step 3<\/strong>: Capture the <strong><em>Request<\/em><\/strong>; a simple <strong><em>Payload<\/em><\/strong> is reflected in the <strong><em>Response<\/em><\/strong> without sanitization.<\/p>\n
<p><strong>Step 4<\/strong>: When the <i>Print<\/i> page event is triggered, the payload gets stored and is assigned with the path URL. Whenever the user clicks the print page, the payload is automatically executed in the user\u2019s browser.<\/p>\n
<h2><strong>Mitigation<\/strong><\/h2>\n