Vulnerability in Oracle HTTP Server of Oracle Fusion Middleware
CVE-2021-2480

3.7LOW

Key Information:

Vendor: Oracle
Status: Http Server
Vendor: CVE Published:; 20 October 2021

What is CVE-2021-2480?

This vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware, allowing an unauthenticated attacker with network access via HTTP to exploit the service. The vulnerability can lead to unauthorized updates, insertions, or deletions of data accessible by the Oracle HTTP Server. It emphasizes the need for secure configurations and vigilant monitoring to prevent exploitation.

Affected Version(s)

HTTP Server 11.1.1.9.0

References

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Dec 9, 2020