Remote Access Vulnerability in Oracle HTTP Server - Oracle Fusion Middleware
CVE-2016-3482

3.7LOW

Key Information:

Vendor
Oracle
Status
Http Server
Vendor
CVE Published:
21 July 2016

Summary

The Oracle HTTP Server component within Oracle Fusion Middleware versions 11.1.1.9 and 12.1.3.0 contains a vulnerability that allows remote attackers to potentially impact the confidentiality of affected systems. This vulnerability is associated with the SSL/TLS module, exposing sensitive information through improper handling of SSL/TLS connections. As a result, unauthorized entities may exploit this issue to gain access to confidential data.

References

http://www.oracle.com/technetwork/security-advisory/cpuju...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1036372
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/91787
vdb-entryx_refsource_BID

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.