CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

PRODUCT NOT SUPPORTED WHEN ASSIGNED Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references...

7.5CVSS6.6AI score0.8793EPSS

Exploits0References1

ThreatPost•added 2020/05/11 8:19 p.m.•86 views

Unpatched Bugs in Oracle iPlanet Open Door to Info-Disclosure, Injection

A pair of vulnerabilities in Oracle’s iPlanet Web Server have been disclosed that can lead to sensitive data exposure and image injections onto web pages if exploited. However, no patch is forthcoming for either flaw. The bugs CVE-2020-9315 and CVE-2020-9314 are specifically found in the web...

9.3CVSS6.9AI score0.8793EPSS

Exploits0References8

OSV•added 2020/05/10 11:15 p.m.•2 views

CVE-2020-9315

7.5CVSS6.4AI score0.8793EPSS

Exploits0References4

NVD•added 2020/05/10 11:15 p.m.•12 views

CVE-2020-9314

PRODUCT NOT SUPPORTED WHEN ASSIGNED Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the...

4.9CVSS5.1AI score0.12006EPSS

Exploits0References4

Prion•added 2020/05/10 11:15 p.m.•8 views

Design/Logic Flaw

4.9CVSS5.8AI score0.8793EPSS

Exploits0References4Affected Software1

Cvelist•added 2020/05/10 10:23 p.m.•16 views

CVE-2020-9314

6AI score0.12006EPSS

Exploits0References4

Cvelist•added 2020/05/10 10:23 p.m.•13 views

CVE-2020-9315

7.3AI score0.8793EPSS

Exploits0References4

Tenable Nessus•added 2018/03/12 12:0 a.m.•53 views

Solaris 10 (sparc) : 125437-22

Oracle iPlanet Web Server 7.0.12 Solaris: Update Release patch. Date this patch was last updated by Sun : Aug/19/11 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text in this plugin was extracted from the Oracle SunOS Patch Updates. include'deprecatednasllevel.inc';...

9.8CVSS7.9AI score0.03741EPSS

Exploits14References6

Tenable Nessus•added 2018/01/25 12:0 a.m.•934 views

Oracle iPlanet Web Server 7.0.x < 7.0.27 NSS Unspecified Vulnerability (January 2018 CPU)

According to its self-reported version, the Oracle iPlanet Web Server formerly known as Sun Java System Web Server running on the remote host is 7.0.x prior to 7.0.27 Patch 26834070. It is, therefore, affected by an unspecified vulnerability in the Network Security Services NSS library with unkno...

10CVSS7.6AI score0.9438EPSS

Exploits51References29

OSV•added 2017/10/19 5:29 p.m.•1 views

CVE-2017-10055

Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware subcomponent: Admin Graphical User Interface. The supported version that is affected is 7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

6.1CVSS7.3AI score0.00389EPSS

Exploits0References3

Prion•added 2017/10/19 5:29 p.m.•9 views

Buffer overflow

5.8CVSS5.2AI score0.00389EPSS

Exploits0References3Affected Software1

Cvelist•added 2017/10/19 5:0 p.m.•13 views

CVE-2017-10055

5.4AI score0.00389EPSS

Exploits0References3

Rows per page