PT-2020-5388 · Oracle · Oracle iPlanet Web Server

Published 2020-05-10 · Updated 2021-07-21 · CVE-2020-9315

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Oracle iPlanet Web Server version 7.0.x

Description

The issue is related to incorrect access control in the Oracle iPlanet Web Server, allowing unauthenticated read access to encryption keys. This can enable a remote attacker to disclose protected information. The vulnerability is demonstrated by unauthenticated read access to encryption keys through the admingui/version URIs in the Administration console.

Recommendations

For Oracle iPlanet Web Server version 7.0.x, consider restricting access to the admingui/version URIs in the Administration console to prevent unauthenticated read access to encryption keys until a fix is available. As a temporary workaround, limit access to the Administration console to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
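One way to check that the restriction recommended above is holding, added here as an example and not part of the original advisory: it scans access-log lines for successful requests to admingui/version paths that carry no authenticated user or come from outside the admin network. The Common Log Format layout, the `ADMIN_NETS` value, the sample lines and all function names are assumptions.

```python
import ipaddress
import re
from urllib.parse import unquote
# Assumption: Common Log Format (host ident user [time] "request" status bytes).
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
SENSITIVE = "admingui/version"  # path fragment named in the advisory
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]  # assumption: constructed admin network

def normalize(target):
    # Drop the query string, percent-decode, collapse repeated slashes, lowercase.
    path = unquote(target.split("?", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def from_admin_net(host):
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname in the log is treated as untrusted
    return any(addr in net for net in ADMIN_NETS)

def find_exposures(lines):
    """Return (host, time, path, reason) for each successful request to review."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable, or denied/not found (the restriction held)
        path = normalize(m["target"])
        if SENSITIVE not in path:
            continue
        reasons = []
        if m["user"] == "-":
            reasons.append("unauthenticated")
        if not from_admin_net(m["host"]):
            reasons.append("outside-admin-net")
        if reasons:
            findings.append((m["host"], m["time"], path, "+".join(reasons)))
    return findings

# Constructed sample lines; "/example" stands in for whatever follows the prefix.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:09:14:02 +0000] "GET /admingui/version/example HTTP/1.1" 200 512',
    '10.20.0.15 - admin [01/Jan/2024:09:20:11 +0000] "GET /admingui/version/example HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:09:31:40 +0000] "GET /admingui/version/example HTTP/1.1" 403 0',
    '10.20.0.22 - - [01/Jan/2024:09:45:05 +0000] "GET /admingui//Version/example?x=1 HTTP/1.1" 200 512',
]
```

Any finding means the key material served by that path should be treated as disclosed and rotated once access has been restricted.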

Weakness Enumeration

Special Elements Injection

Missing Authentication

Inadequate Encryption Strength

Related Identifiers

BDU:2021-00434
BDU:2021-00475
CVE-2020-9315

Affected Products

Oracle iPlanet Web Server