rxerium/CVE-2025-61884

## CVE-2025-61884
id: CVE-2025-61884

info:
  name: Detection for CVE-2025-61884
  author: rxerium
  severity: high
  description: |
    This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may allow access to sensitive resources.
  metadata:
    shodan-query: html:"OA_HTML"
  tags: detect,oracle,ebusiness-suite

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: dsl
        name: last_modified_date
        dsl:
          - last_modified

      - type: dsl
        name: date_unix
        internal: true
        dsl:
          - 'to_unix_time(last_modified, "Mon, 02 Jan 2006 15:04:05 MST")'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "E-Business Suite Home Page"
        part: body

      - type: dsl
        dsl:
          - compare_versions(date_unix, "< 1760198400")

      - type: status
        status:
          - 200
	id: CVE-2025-61884

	info:
	name: Detection for CVE-2025-61884
	author: rxerium
	severity: high
	description: \|
	This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may allow access to sensitive resources.
	metadata:
	shodan-query: html:"OA_HTML"
	tags: detect,oracle,ebusiness-suite

	http:
	- method: GET
	path:
	- "{{BaseURL}}"

	extractors:
	- type: dsl
	name: last_modified_date
	dsl:
	- last_modified

	- type: dsl
	name: date_unix
	internal: true
	dsl:
	- 'to_unix_time(last_modified, "Mon, 02 Jan 2006 15:04:05 MST")'

	matchers-condition: and
	matchers:
	- type: word
	words:
	- "E-Business Suite Home Page"
	part: body

	- type: dsl
	dsl:
	- compare_versions(date_unix, "< 1760198400")

	- type: status
	status:
	- 200
No results found