5 matches found
Oracle iPlanet Web Server 7.0.x - Image Injection
Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. id: CVE-2020-9314 info: name: Oracle iPlanet Web Server 7.0.x - Image Injection author:...
CVE-2020-9314
PRODUCT NOT SUPPORTED WHEN ASSIGNED Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the...
Unpatched Bugs in Oracle iPlanet Open Door to Info-Disclosure, Injection
A pair of vulnerabilities in Oracle’s iPlanet Web Server have been disclosed that can lead to sensitive data exposure and image injections onto web pages if exploited. However, no patch is forthcoming for either flaw. The bugs CVE-2020-9315 and CVE-2020-9314 are specifically found in the web...
CVE-2020-9314
PRODUCT NOT SUPPORTED WHEN ASSIGNED Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the...
CVE-2020-9314
CVE-2020-9314 affects Oracle iPlanet Web Server 7.0.x. The issue is described as image injection in the Administration console via the productNameSrc parameter to an admingui URI, arising from an incomplete fix for CVE-2012-0516. It is part of a pair with CVE-2020-9315; while CVE-2020-9314 enable...