CVE-2018-2760

Published: Apr 19, 2018Modified: Nov 21, 2024

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are 12.1.3 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).

Affected (2)

Products: Oracle: Http Server

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Http Server	Version 12.1.3
Oracle Http Server	Version 12.2.1.2

References (6)

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Source: secalert_us@oracle.com

PatchVendor Advisory

http://www.securityfocus.com/bid/103826

Source: secalert_us@oracle.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040699

Source: secalert_us@oracle.com

Third Party AdvisoryVDB Entry

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/103826

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040699

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.