Davide Berardi

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 5.2.36 Oracle VM VirtualBox versions prior to 6.0.16 **Description** The issue is related to errors in resource release in the Core component of Oracle VM VirtualBox. Exploitation of this issue can allow an attacker to cause a denial of service. A low-privileged attacker with login access to the infrastructure where Oracle VM VirtualBox runs can compromise Oracle VM VirtualBox. Although the issue occurs in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash of Oracle VM VirtualBox. **Recommendations** For Oracle VM VirtualBox versions prior to 5.2.36, update to version 5.2.36 or later. For Oracle VM VirtualBox versions prior to 6.0.16, update to version 6.0.16 or later. As a temporary workaround, consider restricting access to the Core component of Oracle VM VirtualBox to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Oracle HTTP Server versions 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.3.0 **Description** The issue is related to inadequate access control in the Web Listener component of Oracle HTTP Server, allowing an unauthenticated attacker with network access via HTTP to compromise the server. Successful attacks require human interaction and may significantly impact additional products, resulting in unauthorized access to data, including update, insert, delete, and read access to some of Oracle HTTP Server's accessible data. **Recommendations** For version 11.1.1.9.0, update to a newer version to mitigate the risk. For version 12.1.3.0.0, update to a newer version to mitigate the risk. For version 12.2.1.3.0, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the Web Listener component until a patch is available.