Vulnerability in Oracle HTTP Server Component of Oracle Fusion Middleware
CVE-2019-2751

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Http Server
Vendor: CVE Published:; 23 July 2019

What is CVE-2019-2751?

A vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware, specifically within the OHS Config MBeans. Network attackers with HTTPS access can exploit this vulnerability to gain unauthorized access, potentially compromising sensitive data. Successful exploitation enables attackers to access all data handled by the Oracle HTTP Server, raising significant security concerns for affected organizations.

Affected Version(s)

HTTP Server 12.1.3.0.0

HTTP Server 12.2.1.3.0

References

http://www.oracle.com/technetwork/security-advisory/cpuju...

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 23, 2019
Vulnerability Reserved
Dec 14, 2018