CVE-2018-2561

3 documents3 sources
Severity
5.3MEDIUM
EPSS
2.3%
top 15.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Oracle Corporation Http ServerOracle Http Server
Timeline
PublishedJan 18
Latest updateMay 14

Description

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 B

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDoracle/http_server5 versions+4
CVEListV5oracle_corporation/http_server5 versions+4

Patches

Patch: www.oracle.comPatch: www.oracle.com

🔴Vulnerability Details

2
GHSA
GHSA-hcwc-38vw-2h96: Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener)2022-05-14
CVEList
CVE-2018-2561: Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener)2018-01-18
CVE-2018-2561 (MEDIUM CVSS 5.3) | Vulnerability in the Oracle HTTP Se | cvebase.io