cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-20991,https://securityvulnerability.io/vulnerability/CVE-2024-20991,Unauthenticated Access Vulnerability in Oracle HTTP Server by Oracle,"A significant vulnerability has been identified in Oracle HTTP Server, part of Oracle Fusion Middleware, specifically within the Web Listener component. This vulnerability allows an unauthenticated attacker, armed with basic network access via HTTP, to compromise the Oracle HTTP Server. Successful exploitation can lead to unauthorized read access to specific data that is available through the server, potentially exposing sensitive information. It is crucial for organizations using the affected version, 12.2.1.4.0, to assess their security posture and implement protective measures.",Oracle,Http Server,5.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-04-16T22:15:00.000Z,0
CVE-2023-22019,https://securityvulnerability.io/vulnerability/CVE-2023-22019,Remote Code Execution Vulnerability in Oracle HTTP Server by Oracle,"An easily exploitable vulnerability in Oracle HTTP Server, part of Oracle Fusion Middleware's Web Listener component, allows an unauthenticated attacker with network access via HTTP to compromise the server. Exploitation can lead to unauthorized access to sensitive data, jeopardizing the confidentiality of information managed by Oracle HTTP Server, particularly in version 12.2.1.4.0. Administrators are urged to apply available patches promptly to mitigate risks.",Oracle,Http Server,7.5,HIGH,0.0006099999882280827,false,false,false,false,,false,false,2023-10-17T22:15:00.000Z,0
CVE-2022-21593,https://securityvulnerability.io/vulnerability/CVE-2022-21593,,"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data as well as unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N).",Oracle,Http Server,7.1,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2022-10-18T00:00:00.000Z,0
CVE-2021-35666,https://securityvulnerability.io/vulnerability/CVE-2021-35666,,Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).,Oracle,Http Server,5.9,MEDIUM,0.0038399999029934406,false,false,false,false,,false,false,2021-10-20T10:51:42.000Z,0
CVE-2021-2480,https://securityvulnerability.io/vulnerability/CVE-2021-2480,,"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).",Oracle,Http Server,3.7,LOW,0.0008999999845400453,false,false,false,false,,false,false,2021-10-20T10:49:44.000Z,0
CVE-2021-2315,https://securityvulnerability.io/vulnerability/CVE-2021-2315,,"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",Oracle,Http Server,5.4,MEDIUM,0.0009500000160187483,false,false,false,false,,false,false,2021-04-22T21:54:02.000Z,0
CVE-2020-2952,https://securityvulnerability.io/vulnerability/CVE-2020-2952,,"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).",Oracle,Http Server,6.5,MEDIUM,0.0008900000248104334,false,false,false,false,,false,false,2020-04-15T13:29:54.000Z,0
CVE-2020-2530,https://securityvulnerability.io/vulnerability/CVE-2020-2530,,"Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle HTTP Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Http Server,6.1,MEDIUM,0.0008299999753944576,false,false,false,false,,false,false,2020-01-15T16:33:59.000Z,0
CVE-2019-2751,https://securityvulnerability.io/vulnerability/CVE-2019-2751,,Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OHS Config MBeans). Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).,Oracle,Http Server,5.9,MEDIUM,0.0026599999982863665,false,false,false,false,,false,false,2019-07-23T23:15:00.000Z,0
CVE-2019-2414,https://securityvulnerability.io/vulnerability/CVE-2019-2414,,"Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle HTTP Server executes to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",Oracle,Http Server,7.8,HIGH,0.00044999999227002263,false,false,false,false,,false,false,2019-01-16T19:00:00.000Z,0
CVE-2018-2760,https://securityvulnerability.io/vulnerability/CVE-2018-2760,,Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are 12.1.3 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).,Oracle,Http Server,5.9,MEDIUM,0.001500000013038516,false,false,false,false,,false,false,2018-04-19T02:00:00.000Z,0
CVE-2018-2561,https://securityvulnerability.io/vulnerability/CVE-2018-2561,,"Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Oracle,Http Server,5.3,MEDIUM,0.0011500000255182385,false,false,false,false,,false,false,2018-01-18T02:00:00.000Z,0
CVE-2016-3482,https://securityvulnerability.io/vulnerability/CVE-2016-3482,,Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module.,Oracle,Http Server,3.7,LOW,0.002469999948516488,false,false,false,false,,false,false,2016-07-21T10:00:00.000Z,0
CVE-2016-0671,https://securityvulnerability.io/vulnerability/CVE-2016-0671,,Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module.,Oracle,Http Server,3.7,LOW,0.0016799999866634607,false,false,false,false,,false,false,2016-04-21T10:00:00.000Z,0
CVE-2015-2808,https://securityvulnerability.io/vulnerability/CVE-2015-2808,,"The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the ""Bar Mitzvah"" issue.",Oracle,"Http Server,Integrated Lights Out Manager Firmware,Communications Application Session Controller,Communications Policy Management",,,0.004379999823868275,false,false,false,false,,false,false,2015-04-01T00:00:00.000Z,0
CVE-2013-2566,https://securityvulnerability.io/vulnerability/CVE-2013-2566,,"The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.",Oracle,"Http Server,Integrated Lights Out Manager Firmware,Communications Application Session Controller",5.9,MEDIUM,0.007939999923110008,false,false,false,false,,false,false,2013-03-15T21:55:00.000Z,0
CVE-2008-2614,https://securityvulnerability.io/vulnerability/CVE-2008-2614,,"Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.3.3 has unknown impact and remote attack vectors.",Oracle,"Application Server,Oracle Http Server Component,Oracle Application Server",,,0.004800000227987766,false,false,false,false,,false,false,2008-07-15T23:41:00.000Z,0
CVE-2007-0280,https://securityvulnerability.io/vulnerability/CVE-2007-0280,,"Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS).",Oracle,"Application Server,Collaboration Suite,Http Server",,,0.028459999710321426,false,false,false,false,,false,false,2007-01-17T02:00:00.000Z,0
CVE-2007-0281,https://securityvulnerability.io/vulnerability/CVE-2007-0281,,"Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.",Oracle,"Application Server,Collaboration Suite,Http Server",,,0.01867000013589859,false,false,false,false,,false,false,2007-01-17T02:00:00.000Z,0
CVE-2007-0282,https://securityvulnerability.io/vulnerability/CVE-2007-0282,,"Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.",Oracle,"Application Server,Collaboration Suite,Http Server",,,0.0023300000466406345,false,false,false,false,,false,false,2007-01-17T02:00:00.000Z,0
CVE-2007-0279,https://securityvulnerability.io/vulnerability/CVE-2007-0279,,"Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.",Oracle,"E-business Suite,Http Server",,,0.05494000017642975,false,false,false,false,,false,false,2007-01-17T02:00:00.000Z,0
CVE-2006-5349,https://securityvulnerability.io/vulnerability/CVE-2006-5349,,"Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS07.",Oracle,Http Server,,,0.009730000048875809,false,false,false,false,,false,false,2006-10-18T01:00:00.000Z,0
CVE-2006-5354,https://securityvulnerability.io/vulnerability/CVE-2006-5354,,"Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0, Oracle Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# OHS06.",Oracle,"Application Server,E-business Suite,Http Server,Collaboration Suite",,,0.009730000048875809,false,false,false,false,,false,false,2006-10-18T01:00:00.000Z,0
CVE-2006-5350,https://securityvulnerability.io/vulnerability/CVE-2006-5350,,"Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and local attack vectors, aka Vuln# OHS08.",Oracle,"E-business Suite,Http Server",,,0.0009800000116229057,false,false,false,false,,false,false,2006-10-18T01:00:00.000Z,0
CVE-2006-5348,https://securityvulnerability.io/vulnerability/CVE-2006-5348,,"Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS05.",Oracle,"E-business Suite,Collaboration Suite,Http Server",,,0.009730000048875809,false,false,false,false,,false,false,2006-10-18T01:00:00.000Z,0