Unauthenticated Access Vulnerability in Oracle HTTP Server by Oracle
CVE-2021-2315

5.4MEDIUM

Key Information:

Vendor: Oracle
Status: Http Server
Vendor: CVE Published:; 22 April 2021

Summary

An unauthenticated access vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware. This weakness allows attackers with network access to exploit the server, potentially leading to unauthorized updates, deletions, or reading of sensitive data. Although successful attacks require human interaction, the implications on the confidentiality and integrity of the data can be significant, highlighting the need for immediate mitigation strategies.

Affected Version(s)

HTTP Server 11.1.1.9.0

HTTP Server 12.2.1.3.0

HTTP Server 12.2.1.4.0

References

https://www.oracle.com/security-alerts/cpuapr2021.html

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Apr 22, 2021
Vulnerability Reserved
Dec 9, 2020