cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-21498,https://securityvulnerability.io/vulnerability/CVE-2025-21498,Vulnerability in Oracle HTTP Server of Oracle Fusion Middleware,"An improper access control vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware. This flaw may be exploited by an unauthenticated attacker with network access via HTTP, potentially allowing unauthorized read access to sensitive data. Affected versions include Oracle Fusion Middleware 12.2.1.4.0, which is susceptible to compromise, highlighting the importance of applying available security updates.",Oracle,Oracle Http Server,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:52:54.938Z,0
CVE-2024-20991,https://securityvulnerability.io/vulnerability/CVE-2024-20991,Unauthenticated Access Vulnerability in Oracle HTTP Server by Oracle,"A significant vulnerability has been identified in Oracle HTTP Server, part of Oracle Fusion Middleware, specifically within the Web Listener component. This vulnerability allows an unauthenticated attacker, armed with basic network access via HTTP, to compromise the Oracle HTTP Server. Successful exploitation can lead to unauthorized read access to specific data that is available through the server, potentially exposing sensitive information. It is crucial for organizations using the affected version, 12.2.1.4.0, to assess their security posture and implement protective measures.",Oracle,Http Server,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2023-22019,https://securityvulnerability.io/vulnerability/CVE-2023-22019,Remote Code Execution Vulnerability in Oracle HTTP Server by Oracle,"An easily exploitable vulnerability in Oracle HTTP Server, part of Oracle Fusion Middleware's Web Listener component, allows an unauthenticated attacker with network access via HTTP to compromise the server. Exploitation can lead to unauthorized access to sensitive data, jeopardizing the confidentiality of information managed by Oracle HTTP Server, particularly in version 12.2.1.4.0. Administrators are urged to apply available patches promptly to mitigate risks.",Oracle,Http Server,7.5,HIGH,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2022-21593,https://securityvulnerability.io/vulnerability/CVE-2022-21593,Unauthenticated Network Access Vulnerability in Oracle HTTP Server by Oracle,"An unauthenticated access vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware. This vulnerability allows an attacker with network access via HTTP to exploit the server, provided there is human interaction from a third party. If successfully exploited, this vulnerability can lead to unauthorized access to sensitive data and the potential for unauthorized modifications to Oracle HTTP Server accessible data.",Oracle,Http Server,7.1,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2022-10-18T00:00:00.000Z,0
CVE-2021-35666,https://securityvulnerability.io/vulnerability/CVE-2021-35666,Unauthenticated Network Vulnerability in Oracle HTTP Server by Oracle,"A vulnerability in Oracle HTTP Server, part of Oracle Fusion Middleware, could be exploited by unauthenticated attackers with network access via HTTPS. This flaw allows for potential unauthorized access to sensitive data or complete control over all data accessible through the server. It primarily affects version 11.1.1.9.0 of the Oracle HTTP Server, emphasizing the importance of updating and securing server configurations to mitigate such risks.",Oracle,Http Server,5.9,MEDIUM,0.0038399999029934406,false,,false,false,false,,,false,false,,2021-10-20T10:51:42.000Z,0
CVE-2021-2480,https://securityvulnerability.io/vulnerability/CVE-2021-2480,Vulnerability in Oracle HTTP Server of Oracle Fusion Middleware,"This vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware, allowing an unauthenticated attacker with network access via HTTP to exploit the service. The vulnerability can lead to unauthorized updates, insertions, or deletions of data accessible by the Oracle HTTP Server. It emphasizes the need for secure configurations and vigilant monitoring to prevent exploitation.",Oracle,Http Server,3.7,LOW,0.0008999999845400453,false,,false,false,false,,,false,false,,2021-10-20T10:49:44.000Z,0
CVE-2021-2315,https://securityvulnerability.io/vulnerability/CVE-2021-2315,Unauthenticated Access Vulnerability in Oracle HTTP Server by Oracle,"An unauthenticated access vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware. This weakness allows attackers with network access to exploit the server, potentially leading to unauthorized updates, deletions, or reading of sensitive data. Although successful attacks require human interaction, the implications on the confidentiality and integrity of the data can be significant, highlighting the need for immediate mitigation strategies.",Oracle,Http Server,5.4,MEDIUM,0.0009500000160187483,false,,false,false,false,,,false,false,,2021-04-22T21:54:02.000Z,0
CVE-2020-2952,https://securityvulnerability.io/vulnerability/CVE-2020-2952,Oracle HTTP Server Vulnerability in Fusion Middleware,"This vulnerability affects the Oracle HTTP Server within Oracle Fusion Middleware, specifically targeting the Web Listener component. It allows unauthenticated attackers with network access via HTTP to exploit the server, potentially leading to unauthorized updates, inserts, or deletions of accessible data. Additionally, attackers might gain unauthorized read access to sensitive data hosted on Oracle HTTP Server, highlighting the critical need for patching and mitigation strategies.",Oracle,Http Server,6.5,MEDIUM,0.0008900000248104334,false,,false,false,false,,,false,false,,2020-04-15T13:29:54.000Z,0
CVE-2020-2530,https://securityvulnerability.io/vulnerability/CVE-2020-2530,Vulnerability in Oracle HTTP Server of Oracle Fusion Middleware,"An exploitable vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware, which allows unauthenticated attackers with network access to compromise the server. Successful exploitation may require interaction from a third party and can lead to unauthorized access to sensitive data, including the ability to update, insert, or delete information. This vulnerability can also potentially impact connected products significantly.",Oracle,Http Server,6.1,MEDIUM,0.0008299999753944576,false,,false,false,false,,,false,false,,2020-01-15T16:33:59.000Z,0
CVE-2019-2751,https://securityvulnerability.io/vulnerability/CVE-2019-2751,Vulnerability in Oracle HTTP Server Component of Oracle Fusion Middleware,"A vulnerability exists in the Oracle HTTP Server component of Oracle Fusion Middleware, specifically within the OHS Config MBeans. Network attackers with HTTPS access can exploit this vulnerability to gain unauthorized access, potentially compromising sensitive data. Successful exploitation enables attackers to access all data handled by the Oracle HTTP Server, raising significant security concerns for affected organizations.",Oracle,Http Server,5.9,MEDIUM,0.0026599999982863665,false,,false,false,false,,,false,false,,2019-07-23T23:15:00.000Z,0
CVE-2019-2414,https://securityvulnerability.io/vulnerability/CVE-2019-2414,,"Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle HTTP Server executes to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in takeover of Oracle HTTP Server. CVSS 3.0 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",Oracle,Http Server,7.8,HIGH,0.00044999999227002263,false,,false,false,false,,,false,false,,2019-01-16T19:00:00.000Z,0
CVE-2018-2760,https://securityvulnerability.io/vulnerability/CVE-2018-2760,,Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are 12.1.3 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).,Oracle,Http Server,5.9,MEDIUM,0.001500000013038516,false,,false,false,false,,,false,false,,2018-04-19T02:00:00.000Z,0
CVE-2018-2561,https://securityvulnerability.io/vulnerability/CVE-2018-2561,,"Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).",Oracle,Http Server,5.3,MEDIUM,0.0011500000255182385,false,,false,false,false,,,false,false,,2018-01-18T02:00:00.000Z,0
CVE-2016-3482,https://securityvulnerability.io/vulnerability/CVE-2016-3482,,Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module.,Oracle,Http Server,3.7,LOW,0.002469999948516488,false,,false,false,false,,,false,false,,2016-07-21T10:00:00.000Z,0
CVE-2016-0671,https://securityvulnerability.io/vulnerability/CVE-2016-0671,,Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module.,Oracle,Http Server,3.7,LOW,0.0016799999866634607,false,,false,false,false,,,false,false,,2016-04-21T10:00:00.000Z,0
CVE-2015-2808,https://securityvulnerability.io/vulnerability/CVE-2015-2808,,"The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing network traffic that occasionally relies on keys affected by the Invariance Weakness, and then using a brute-force approach involving LSB values, aka the ""Bar Mitzvah"" issue.",Oracle,"Http Server,Integrated Lights Out Manager Firmware,Communications Application Session Controller,Communications Policy Management",,,0.004379999823868275,false,,false,false,false,,,false,false,,2015-04-01T00:00:00.000Z,0
CVE-2013-2566,https://securityvulnerability.io/vulnerability/CVE-2013-2566,,"The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.",Oracle,"Http Server,Integrated Lights Out Manager Firmware,Communications Application Session Controller",5.9,MEDIUM,0.005609999876469374,false,,false,false,false,,,false,false,,2013-03-15T21:55:00.000Z,0
CVE-2008-2614,https://securityvulnerability.io/vulnerability/CVE-2008-2614,,"Unspecified vulnerability in the Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.3.3 has unknown impact and remote attack vectors.",Oracle,"Application Server,Oracle Http Server Component,Oracle Application Server",,,0.006800000090152025,false,,false,false,false,,,false,false,,2008-07-15T23:41:00.000Z,0
CVE-2007-0280,https://securityvulnerability.io/vulnerability/CVE-2007-0280,,"Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS).",Oracle,"Application Server,Collaboration Suite,Http Server",,,0.028459999710321426,false,,false,false,false,,,false,false,,2007-01-17T02:00:00.000Z,0
CVE-2007-0279,https://securityvulnerability.io/vulnerability/CVE-2007-0279,,"Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.",Oracle,"E-business Suite,Http Server",,,0.05494000017642975,false,,false,false,false,,,false,false,,2007-01-17T02:00:00.000Z,0
CVE-2007-0282,https://securityvulnerability.io/vulnerability/CVE-2007-0282,,"Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.",Oracle,"Application Server,Collaboration Suite,Http Server",,,0.0023300000466406345,false,,false,false,false,,,false,false,,2007-01-17T02:00:00.000Z,0
CVE-2007-0281,https://securityvulnerability.io/vulnerability/CVE-2007-0281,,"Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.",Oracle,"Application Server,Collaboration Suite,Http Server",,,0.01867000013589859,false,,false,false,false,,,false,false,,2007-01-17T02:00:00.000Z,0
CVE-2006-5354,https://securityvulnerability.io/vulnerability/CVE-2006-5354,,"Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0, Oracle Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# OHS06.",Oracle,"Application Server,E-business Suite,Http Server,Collaboration Suite",,,0.009730000048875809,false,,false,false,false,,,false,false,,2006-10-18T01:00:00.000Z,0
CVE-2006-5346,https://securityvulnerability.io/vulnerability/CVE-2006-5346,,"Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in Oracle Collaboration Suite 9.0.4.2 and Oracle E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors related to htdigest, aka Vuln# OHS02.",Oracle,"E-business Suite,Collaboration Suite,Http Server",,,0.006829999852925539,false,,false,false,false,,,false,false,,2006-10-18T01:00:00.000Z,0
CVE-2006-5350,https://securityvulnerability.io/vulnerability/CVE-2006-5350,,"Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and local attack vectors, aka Vuln# OHS08.",Oracle,"E-business Suite,Http Server",,,0.0009800000116229057,false,,false,false,false,,,false,false,,2006-10-18T01:00:00.000Z,0