
/claim #13997

close #13997

What This Does

Detects CVE-2022-21445, a critical RCE vulnerability in Oracle ADF Faces (CVSS 9.8, CISA KEV).

The vulnerability allows unauthenticated attackers to execute code via deserialization in the ADF Faces component.

How It Works

  • Tests 4 common Oracle contexts: /em, /bicomposer, /analytics, /xmlpserver
  • Sends a safe serialized payload that triggers detectable errors without causing harm
  • Uses 3 matcher layers: status codes, Java error messages, and Oracle headers
  • Includes extractors for Oracle-specific identifiers

Why It’s Accurate

  • Complete POC-based detection (not version checking)
  • Multiple matchers reduce false positives
  • Safe payload - won’t break anything
  • Follows the actual exploitation path discovered by security researchers

Validation Status

Template is ready and follows all guidelines. I’ve requested environment access from templates@projectdiscovery.io to capture debug output.

Can provide full debug data immediately once I get test environment access.

References


Author: @ritik4ever

Claim

  • Total prize pool: $100
  • Total paid: $0
  • Status: Pending
  • Submitted: December 27, 2025
  • Last updated: December 27, 2025

Contributors

  • Ritik (@ritik4ever), 100%

Sponsors

  • ProjectDiscovery (@projectdiscovery), $100