Vulnerability in Oracle HTTP Server of Oracle Fusion Middleware
CVE-2019-2414

7.8HIGH

Key Information:

Vendor
Oracle
Vendor
CVE Published:
16 January 2019

Summary

A vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware, specifically within the Web Listener subcomponent, allows a low privileged attacker with access to the infrastructure to exploit the system. This could potentially lead to a complete takeover of the Oracle HTTP Server, compromising the confidentiality, integrity, and availability of the affected systems. This flaw primarily affects version 12.2.1.3, emphasizing the need for immediate security measures to mitigate the risk of exploitation.

Affected Version(s)

HTTP Server 12.2.1.3

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.