Vulnerability in Oracle HTTP Server Component of Oracle Fusion Middleware
CVE-2019-2751

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Http Server
Vendor: CVE Published:; 23 July 2019

Summary

A vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware, specifically within the OHS Config MBeans. Network attackers with HTTPS access can exploit this vulnerability to gain unauthorized access, potentially compromising sensitive data. Successful exploitation enables attackers to access all data handled by the Oracle HTTP Server, raising significant security concerns for affected organizations.

Affected Version(s)

HTTP Server 12.1.3.0.0

HTTP Server 12.2.1.3.0

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018