PT-2019-1203 · Oracle · Oracle Http Server

Publicado

2019-01-16

Atualizado

2020-08-24

CVE-2019-2414

CVSS v3.1

7.8

Alta

Vetor

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Oracle HTTP Server version 12.2.1.3

Description The issue is related to inadequate access control in the Web Listener subcomponent of Oracle HTTP Server, allowing a low-privileged attacker with logon access to the infrastructure to compromise Oracle HTTP Server. Successful exploitation can result in the takeover of Oracle HTTP Server.

Recommendations For Oracle HTTP Server version 12.2.1.3, update to a version that addresses the inadequate access control issue in the Web Listener subcomponent to prevent potential takeover of Oracle HTTP Server.

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

BDU:2019-00299

CVE-2019-2414

Produtos afetados

Oracle Http Server

PT-2019-1203 · Oracle · Oracle Http Server

CVE-2019-2414

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6