CVE-2020-9314
Published 2020-05-10
Priority: P2 · 71 · medium · 4.8 (CVSS 3.1)
Vector: AV:N / AC:L / PR:H / UI:R / S:C / C:L / I:L / A:N
ITW exploit: VulnCheck KEV
Exploited in the wild
EPSS: 1.29% (66.7th percentile)
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oracle | iplanet_web_server | 7.0 – 7.0.27 | — |
Detection & IOCs (extracted from sources)
- URL: /admingui/version/Version?productNameSrc=http://{{interactsh-url}}/test.jpg&productNameHeight=500&productNameWidth=500
- URL: /admingui/version/Masthead.jsp?productNameSrc=http://{{interactsh-url}}/test.jpg&productNameHeight=500&productNameWidth=500
- HTTP GET request to /admingui/version/Version or /admingui/version/Masthead.jsp with a remote URL in the productNameSrc parameter triggers an outbound HTTP callback (SSRF/image injection); detect via interactsh or an OOB HTTP listener.
- Successful exploitation returns HTTP 200 with a body containing both 'productNameSrc' and 'Oracle iPlanet'; match both strings in the response body as a confirmation signal.
- Shodan/FOFA fingerprint for exposed Oracle iPlanet Web Server instances: search for the banner string 'Oracle-iPlanet-Web-Server' to identify attack surface.
- The vulnerable parameter is 'productNameSrc' in GET requests to admingui URIs; monitor web/proxy logs for external URLs supplied to this parameter.
- This product is no longer supported by Oracle; the vulnerability was assigned while the product was already end-of-life, limiting availability of official patches.
- This is an incomplete fix for CVE-2012-0516; detections targeting CVE-2012-0516 may not cover this bypass variant, so ensure detection rules specifically target the admingui/version path variants.
- Exploitation requires PR:H (high privileges) per CVSS scoring, meaning the attacker must have admin console access; scope detections accordingly to privileged sessions.
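As an added example (not from the page or from any of the sources it indexes), the log check suggested above: it parses constructed access-log lines in an assumed common-log format and flags admingui/version requests whose productNameSrc value points off-host.

```python
# Added example, not part of the CVE record: flag admingui/version requests whose
# productNameSrc parameter carries an external (off-host) URL.
import re
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample lines in common-log format (assumed format, not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - admin [10/May/2020:12:00:01 +0000] "GET /admingui/version/Masthead.jsp?productNameSrc=http://203.0.113.9/test.jpg&productNameHeight=500 HTTP/1.1" 200 4212
10.0.0.5 - admin [10/May/2020:12:00:02 +0000] "GET /admingui/version/Version?productNameSrc=%2Fadmingui%2Fimages%2Flogo.gif HTTP/1.1" 200 4100
10.0.0.7 - - [10/May/2020:12:00:03 +0000] "GET /index.html HTTP/1.1" 200 512
10.0.0.8 - admin [10/May/2020:12:00:04 +0000] "GET /admingui/version/Version?productNameSrc=//evil.example/x.png HTTP/1.1" 200 4099
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# The two admingui/version URIs named in the IOCs above.
ADMINGUI_RE = re.compile(r"^/admingui/version/(Version|Masthead\.jsp)$")


def is_external(src: str) -> bool:
    """True when the value names a scheme or a host (http://..., //host/...).

    A second unquote catches double-encoded values such as %252F%252Fhost.
    """
    parsed = urlparse(unquote(src).strip())
    return bool(parsed.scheme) or bool(parsed.netloc)


def find_suspicious(log_text: str) -> list:
    """Return one record per request that matches the path and has an off-host productNameSrc."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        path, _, query = m.group("target").partition("?")
        if not ADMINGUI_RE.match(path):
            continue
        for src in parse_qs(query).get("productNameSrc", []):
            if is_external(src):
                hits.append({"ip": m.group("ip"), "user": m.group("user"),
                             "path": path, "src": src, "status": m.group("status")})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit)
```

Relative values such as /admingui/images/logo.gif are left alone, so the check stays quiet on the console's own image references.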
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 4.8 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
| NVD | 2.0 | 4.9 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:N |
| VulnCheck | — | 6.8 | MEDIUM | — |
GHSA
GHSA-8fc5-c477-8j2w: ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7
ghsa_unreviewed · 2022-05-24 · CVSS 6.8 · CVE-2020-9314 [MEDIUM] · CWE-74
VulnCheck
Oracle iplanet_web_server Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
vulncheck · 2020 · CVSS 6.8 · CVE-2020-9314 [MEDIUM]
Affected: Oracle iplanet_web_server
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://tracker.crowdsec.net/cves/CVE-2020-9314
No detection rules found.
Nuclei
Oracle iPlanet Web Server 7.0.x - Image Injection
nuclei · CVSS 6.8 · CVE-2020-9314 [MEDIUM]
Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516.
Template:
```yaml
id: CVE-2020-9314

info:
  name: Oracle iPlanet Web Server 7.0.x - Image Injection
  author: DhiyaneshDk
  severity: medium
  description: |
    Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516.
  impact: |
    Attackers can inject malicious images into the admin console, potentially leading to social engineering, phishing attacks, or interface manipulation.
  remediation: |
    Oracle iPlanet Web Se
```
Nuclei
Oracle iPlanet Web Server 7.0.x - Authentication Bypass
nuclei · CVSS 7.5 · CVE-2020-9315 [HIGH]
Oracle iPlanet Web Server 7.0.x has incorrect access control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE a related support policy can be found in the www.oracle.com references attached to this CVE.
Template:
```yaml
id: CVE-2020-9315

info:
  name: Oracle iPlanet Web Server 7.0.x - Authentication Bypass
  author: dhiyaneshDk
  severity: high
  description: |
    Oracle iPlanet Web Server 7.0.x has incorrect access control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE a related support policy can be found in the www.oracle.com references attached to this CVE.
  impact: |
    Successful exploit
```
No writeups or analysis indexed.
References
- http://seclists.org/fulldisclosure/2020/May/31
- https://www.oracle.com/support/lifetime-support/
- https://www.oracle.com/us/assets/lifetime-support-middleware-069163.pdf
- https://wwws.nightwatchcybersecurity.com/2020/05/10/two-vulnerabilities-in-oracles-iplanet-web-server-cve-2020-9315-and-cve-2020-9314/