Unauthenticated Access Vulnerability in Oracle iPlanet Web Server by Oracle
CVE-2017-10055

6.1MEDIUM

Key Information:

Vendor
Oracle
Status
Iplanet Web Server
Vendor
CVE Published:
19 October 2017

Summary

This vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware allows an unauthenticated attacker with network access to exploit the system via HTTP. Successful exploitation of this vulnerability requires interaction from a user other than the attacker, enabling unauthorized updates, insertions, or deletions to accessible data. Additionally, it facilitates unauthorized read access to certain subsets of data within Oracle iPlanet Web Server. The exploitation of this flaw can lead to significant impacts on the web server's data integrity and confidentiality, ultimately threatening the security of connected systems.

Affected Version(s)

iPlanet Web Server 7.0

References

http://www.securityfocus.com/bid/101374
vdb-entryx_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuoc...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1039605
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.