Vulnerability in Oracle HTTP Server of Oracle Fusion Middleware
CVE-2020-2545

5.3MEDIUM

Key Information:

Vendor: Oracle
Status: Security Service
Vendor: CVE Published:; 15 January 2020

What is CVE-2020-2545?

An exploitable vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware, allowing an unauthenticated attacker with network access via HTTPS to potentially compromise the server. Successful exploitation may lead to unauthorized actions, including a partial denial of service, impacting server availability and functionality. This vulnerability affects specific versions of the Oracle HTTP Server, highlighting the need for timely updates and patching solutions.

Affected Version(s)

Security Service 11.1.1.9.0

Security Service 12.1.3.0.0

Security Service 12.2.1.3.0

References

https://www.oracle.com/security-alerts/cpujan2020.html

x_refsource_MISC

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 10, 2019