CVE-2020-2530

Name of the Vulnerable Software and Affected Versions Oracle HTTP Server versions 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.3.0

Description The issue is related to inadequate access control in the Web Listener component of Oracle HTTP Server, allowing an unauthenticated attacker with network access via HTTP to compromise the server. Successful attacks require human interaction and may significantly impact additional products, resulting in unauthorized access to data, including update, insert, delete, and read access to some of Oracle HTTP Server's accessible data.

Recommendations For version 11.1.1.9.0, update to a newer version to mitigate the risk. For version 12.1.3.0.0, update to a newer version to mitigate the risk. For version 12.2.1.3.0, update to a newer version to mitigate the risk. As a temporary workaround, consider restricting access to the Web Listener component until a patch is available.