CVE-2020-9314
published 2020-05-10

Priority: P2 (71), medium
CVSS 3.1: 4.8 (AV:N / AC:L / PR:H / UI:R / S:C / C:L / I:L / A:N)
ITW / Exploit: VulnCheck KEV, exploited in the wild
EPSS: 1.29% (66.7th percentile)
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE.

Affected

1 range

Vendor | Product            | Version range | Fixed in
oracle | iplanet_web_server | 7.0 – 7.0.27  |

Detection & IOCs (extracted from sources)

URL:  /admingui/version/Version?productNameSrc=http://{{interactsh-url}}/test.jpg&productNameHeight=500&productNameWidth=500
URL:  /admingui/version/Masthead.jsp?productNameSrc=http://{{interactsh-url}}/test.jpg&productNameHeight=500&productNameWidth=500
Path: /admingui/version/Version
Path: /admingui/version/Masthead.jsp
  • HTTP GET request to /admingui/version/Version or /admingui/version/Masthead.jsp with a remote URL in the productNameSrc parameter triggers an outbound HTTP callback (SSRF/image injection); detect via interactsh or OOB HTTP listener.
  • Successful exploitation returns HTTP 200 with body containing both 'productNameSrc' and 'Oracle iPlanet'; match both strings in the response body as a confirmation signal.
  • Shodan/FOFA fingerprint for exposed Oracle iPlanet Web Server instances: search for banner string 'Oracle-iPlanet-Web-Server' to identify attack surface.
  • The vulnerability parameter is 'productNameSrc' in GET requests to admingui URIs; monitor web/proxy logs for external URLs supplied to this parameter.
  • This product is no longer supported by Oracle; the vulnerability was assigned while the product was already end-of-life, limiting availability of official patches.
  • This is an incomplete fix for CVE-2012-0516; detections targeting CVE-2012-0516 may not cover this bypass variant, so ensure detection rules specifically target the admingui/version path variants.
  • Exploitation requires PR:H (high privileges) per CVSS scoring, meaning the attacker must have admin console access; scope detections accordingly to privileged sessions.
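The log-monitoring signal described in the bullets above, as an added example that is not part of the CVE record or of any Oracle or VulnCheck tooling: it scans web/proxy access log lines (assumed to be in Common Log Format) for GET requests to the two admingui/version paths whose productNameSrc value is an absolute http(s) URL pointing outside a constructed internal-host allowlist.

```python
# Added example (not from the CVE record): flag access-log lines where
# productNameSrc on the admingui/version URIs carries an external URL.
import re
from urllib.parse import urlsplit, parse_qs

# Paths named in the record; the request-line regex assumes Common Log Format.
SUSPECT_PATHS = {"/admingui/version/Version", "/admingui/version/Masthead.jsp"}
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Hosts treated as internal for this deployment (constructed assumption).
INTERNAL_HOSTS = {"localhost", "127.0.0.1", "admin.example.internal"}

def external_image_src(target):
    """Return the external productNameSrc URL from a request target, else None."""
    parts = urlsplit(target)
    if parts.path not in SUSPECT_PATHS:
        return None
    for value in parse_qs(parts.query).get("productNameSrc", []):
        src = urlsplit(value)
        # Only an absolute http(s) URL can make the console embed a remote image;
        # relative paths and internal hosts are left alone to limit false positives.
        if src.scheme in ("http", "https") and src.hostname and src.hostname not in INTERNAL_HOSTS:
            return value
    return None

def scan_log(lines):
    """Return (source_ip, timestamp, status, external_url) for each matching GET."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("method") != "GET":
            continue
        url = external_image_src(m.group("target"))
        if url:
            # Status 200 alongside the reflected URL matches the confirmation signal in the record.
            hits.append((m.group("src"), m.group("ts"), int(m.group("status")), url))
    return hits

# Constructed sample access log (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - admin [10/May/2020:10:01:02 +0000] "GET /admingui/version/Masthead.jsp?productNameSrc=http://oob.example.net/test.jpg&productNameHeight=500&productNameWidth=500 HTTP/1.1" 200 5123',
    '10.0.0.5 - admin [10/May/2020:10:02:15 +0000] "GET /admingui/version/Version?productNameSrc=/images/logo.png HTTP/1.1" 200 4210',
    '10.0.0.5 - admin [10/May/2020:10:03:40 +0000] "GET /admingui/version/Version?productNameSrc=https://127.0.0.1/x.png HTTP/1.1" 200 4210',
    '198.51.100.9 - - [10/May/2020:10:04:01 +0000] "GET /index.html?productNameSrc=http://evil.example/x.jpg HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("ALERT", hit)
```

Only the first sample line is reported; the relative path, the loopback host and the non-admingui path are intentionally ignored.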

CVSS provenance

Source    | Version | Score | Severity | Vector
NVD       | v3.1    | 4.8   | MEDIUM   | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
NVD       | v2.0    | 4.9   | MEDIUM   | AV:N/AC:M/Au:S/C:P/I:P/A:N
VulnCheck |         | 6.8   | MEDIUM   |