Vulnerability in Oracle HTTP Server of Oracle Fusion Middleware
CVE-2019-2414

7.8HIGH

Key Information:

Vendor: Oracle
Status: Http Server
Vendor: CVE Published:; 16 January 2019

Summary

A vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware, specifically within the Web Listener subcomponent, allows a low privileged attacker with access to the infrastructure to exploit the system. This could potentially lead to a complete takeover of the Oracle HTTP Server, compromising the confidentiality, integrity, and availability of the affected systems. This flaw primarily affects version 12.2.1.3, emphasizing the need for immediate security measures to mitigate the risk of exploitation.

Affected Version(s)

HTTP Server 12.2.1.3

References

http://www.oracle.com/technetwork/security-advisory/cpuja...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/106621

vdb-entryx_refsource_BID

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 16, 2019
Vulnerability Reserved
Dec 14, 2018