id: CVE-2025-61884

info:
  name: Detection for CVE-2025-61884
  author: Blackash
  severity: high
  description: |
    This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may allow access to sensitive resources.
  metadata:
    shodan-query: html:"OA_HTML"
  tags: detect,oracle,ebusiness-suite

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: dsl
        name: last_modified_date
        dsl:
          - last_modified

      - type: dsl
        name: date_unix
        internal: true
        dsl:
          - 'to_unix_time(last_modified, "Mon, 02 Jan 2006 15:04:05 MST")'

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "E-Business Suite Home Page"
        part: body

      - type: dsl
        dsl:
          - compare_versions(date_unix, "< 1760198400")

      - type: status
        status:
          - 200