6 matches found
Oracle iPlanet Web Server 7.0.x - Authentication Bypass
Oracle iPlanet Web Server 7.0.x has incorrect access control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE a related support policy can be found in the www.oracle.com references attached to this CVE. id:...
CVE-2020-9315
PRODUCT NOT SUPPORTED WHEN ASSIGNED Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references...
Oracle iPlanet Web Server Authentication Bypass (CVE-2020-9315)
An authentication bypass vulnerability exists in Oracle iPlanet Web Server. Successful exploitation of this vulnerability could allow a remote attacker to gain unauthorized access to the affected system...
Unpatched Bugs in Oracle iPlanet Open Door to Info-Disclosure, Injection
A pair of vulnerabilities in Oracle’s iPlanet Web Server have been disclosed that can lead to sensitive data exposure and image injections onto web pages if exploited. However, no patch is forthcoming for either flaw. The bugs CVE-2020-9315 and CVE-2020-9314 are specifically found in the web...
CVE-2020-9315
PRODUCT NOT SUPPORTED WHEN ASSIGNED Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references...
CVE-2020-9315
Oracle iPlanet Web Server 7.0.x is affected by two CVEs. CVE-2020-9315: authentication bypass via incorrect access control on admingui/version URIs, enabling unauthenticated read access to encryption keys. CVE-2020-9314: image injection via productNameSrc in the admingui, stemming from an incompl...