CVE-2013-1509

Oracle Fusion Middleware WebCenter Sites 7.6.2, 11.1.1.6.0, 11.1.1.6.1 - Authenticated Integrity Impact

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-1509. PoCs published by SEC Consult.

AI-analyzed exploit summary: This advisory describes an HTTP header injection vulnerability in Oracle WebCenter Sites Satellite Server, allowing attackers to inject arbitrary headers (e.g., Refresh, Set-Cookie) via the blobheadername2 and blobheadervalue2 parameters, leading to cache poisoning and redirection attacks.

Description

Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites.

Exploits (1)

exploitdb WRITEUP
by SEC Consult · text · webapps · windows
https://www.exploit-db.com/exploits/24964

Classification: Writeup 100%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Oracle WebCenter Sites Satellite Server (7.6.0 Patch1, 7.6.2, 11.1.1.6.0, 11.1.1.6.1)
No auth needed
Prerequisites: Access to a vulnerable Oracle WebCenter Sites Satellite Server instance
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Third Party Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-04/0189.html

Scores

EPSS 0.0221
EPSS Percentile 80.2%

Details

Status published
Products (3)
oracle/fusion_middleware 7.6.2
oracle/fusion_middleware 11.1.1.6.0
oracle/fusion_middleware 11.1.1.6.1
Published Apr 17, 2013
Tracked Since Feb 18, 2026