CVEブラウザに戻る

CVE-2020-9315

HIGH

7.5

CVSS Severity Score

EPSS Score0.1360%

EPSS Percentile44.23th

Published2020年5月10日

Last Modified2024年11月21日

Vulnerability Description

** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE.

Affected Platforms (CPE)

📦

Oracle

Iplanet Web Server

>= 7.0 and <= 7.0.27

References & Advisories

🔗 http://seclists.org/fulldisclosure/2020/May/31

🔗 https://www.oracle.com/support/lifetime-support/

🔗 https://www.oracle.com/us/assets/lifetime-support-middleware-069163.pdf

🔗 https://wwws.nightwatchcybersecurity.com/2020/05/10/two-vulnerabilities-in-oracles-iplanet-web-server-cve-2020-9315-and-cve-2020-9314/

🔗 http://seclists.org/fulldisclosure/2020/May/31

🔗 https://www.oracle.com/support/lifetime-support/

🔗 https://www.oracle.com/us/assets/lifetime-support-middleware-069163.pdf

🔗 https://wwws.nightwatchcybersecurity.com/2020/05/10/two-vulnerabilities-in-oracles-iplanet-web-server-cve-2020-9315-and-cve-2020-9314/

関連する脆弱性情報

CVE-2001-074610.0

Buffer overflow in Web Publisher in iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to cause a denia...

CVE-2000-107710.0

Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands...

CVE-2001-043110.0

Vulnerability in iPlanet Web Server Enterprise Edition 4.x.

CVE-2001-04197.5

Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application s...