Unauthenticated Network Vulnerability in Oracle HTTP Server by Oracle
CVE-2021-35666

5.9MEDIUM

Key Information:

Vendor: Oracle
Status: Http Server
Vendor: CVE Published:; 20 October 2021

What is CVE-2021-35666?

A vulnerability in Oracle HTTP Server, part of Oracle Fusion Middleware, could be exploited by unauthenticated attackers with network access via HTTPS. This flaw allows for potential unauthorized access to sensitive data or complete control over all data accessible through the server. It primarily affects version 11.1.1.9.0 of the Oracle HTTP Server, emphasizing the importance of updating and securing server configurations to mitigate such risks.

Affected Version(s)

HTTP Server 11.1.1.9.0

References

https://www.oracle.com/security-alerts/cpuoct2021.html

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2021
Vulnerability Reserved
Jun 28, 2021