Vulnerability in Oracle HTTP Server of Oracle Fusion Middleware
CVE-2021-2480

3.7LOW

Key Information:

Vendor: Oracle
Status: Http Server
Vendor: CVE Published:; 20 October 2021

Summary

This vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware, allowing an unauthenticated attacker with network access via HTTP to exploit the service. The vulnerability can lead to unauthorized updates, insertions, or deletions of data accessible by the Oracle HTTP Server. It emphasizes the need for secure configurations and vigilant monitoring to prevent exploitation.

Affected Version(s)

HTTP Server 11.1.1.9.0

References

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

CVSS V3.1

Score:

3.7

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Dec 9, 2020