CVE-2020-2545

Name of the Vulnerable Software and Affected Versions Oracle HTTP Server versions 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.3.0

Description The issue is related to the OSSL Module component of Oracle HTTP Server, allowing an unauthenticated attacker with network access via HTTPS to compromise the server. This can result in a partial denial of service (DOS) of Oracle HTTP Server. The vulnerability is also associated with insufficient access control in the OSSL Module and Oracle Security Service's SSL API, which can be exploited by a remote attacker to cause a denial of service using the HTTPS protocol.

Recommendations For version 11.1.1.9.0, update to a version that includes the fix for this issue. For version 12.1.3.0.0, update to a version that includes the fix for this issue. For version 12.2.1.3.0, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the HTTPS protocol to minimize the risk of exploitation.