CVE-2018-2879

CRITICAL

Oracle Fusion Middleware 11.1.2.3.0 and 12.2.1.3.0 - Unauthenticated RCE

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-2879. PoCs published by redtimmy, MostafaSoliman and AymanElSherif.

AI-analyzed exploit summary: This is a multithreaded Python exploit for CVE-2018-2879, a padding oracle attack on Oracle Access Manager (OAM). It automates the decryption of encrypted queries by leveraging padding oracle vulnerabilities in CBC mode.

Description

Vulnerability in the Oracle Access Manager component of Oracle Fusion Middleware (subcomponent: Authentication Engine). Supported versions that are affected are 11.1.2.3.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager. While the vulnerability is in Oracle Access Manager, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Access Manager. Note: Please refer to My Oracle Support Note 2386496.1 (http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=2386496.1) for instructions on how to address this issue. CVSS 3.0 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).

Exploits (3)

nomisec · WORKING POC · 25 stars
by redtimmy · poc
https://github.com/redtimmy/OAMBuster

This is a multithreaded Python exploit for CVE-2018-2879, a padding oracle attack on Oracle Access Manager (OAM). It automates the decryption of encrypted queries by leveraging padding oracle vulnerabilities in CBC mode.

Classification: Working PoC 95%
Attack Type: Other
Complexity: Complex
Reliability: Reliable
Target: Oracle Access Manager (OAM)
No auth needed
Prerequisites: Access to a vulnerable Oracle OAM instance · Network connectivity to the target
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC · 11 stars
by MostafaSoliman · poc
https://github.com/MostafaSoliman/Oracle-OAM-Padding-Oracle-CVE-2018-2879-Exploit

This is a Python-based exploit for CVE-2018-2879, targeting Oracle Access Manager (OAM) 11.1.2.3.0. It leverages a padding oracle vulnerability to decrypt and encrypt arbitrary data, allowing for session manipulation and authentication bypass.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Oracle Access Manager 11.1.2.3.0
No auth needed
Prerequisites: Access to a vulnerable Oracle OAM instance · Python environment with required dependencies (e.g., requests, python-paddingoracle)
devstral-2 · analyzed Feb 16, 2026
nomisec · WORKING POC · 7 stars
by AymanElSherif · poc
https://github.com/AymanElSherif/oracle-oam-authentication-bypas-exploit

This repository contains a functional exploit for CVE-2018-2879, an authentication bypass vulnerability in Oracle Access Manager (OAM) due to a padding oracle flaw. The exploit allows generating valid authentication cookies for arbitrary users by decrypting and re-encrypting OAMAuthnCookie values.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Oracle Access Manager (OAM) v12.2.1.3.0
No auth needed
Prerequisites: Valid OAM-protected URL · Valid username for impersonation · Network access to the target OAM instance
devstral-2 · analyzed Feb 16, 2026

References (8)

Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1040695
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/103788
Mailing List, Third Party Advisory (mailing-list, x_refsource_bugtraq): https://seclists.org/bugtraq/2019/Apr/27
Mailing List, Third Party Advisory (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2019/Apr/28

Scores

CVSS v3: 9.0
EPSS: 0.2295
EPSS Percentile: 97.5%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

Status: published
Products (2)
oracle/access_manager 11.1.2.3.0
oracle/access_manager 12.2.1.3.0
Published: Apr 19, 2018
Tracked Since: Feb 18, 2026