CVE-2020-9315
published 2020-05-10

Priority: P2 74 · Severity: high · CVSS 3.1 base score: 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EXPLOIT · EPSS: 81.81% (99.6th percentile)
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE.

Affected (1 range)

Vendor: oracle
Product: iplanet_web_server
Version range: 7.0 – 7.0.27
Fixed in: (none listed)

Detection & IOCs (extracted from sources)

url: /admingui/version/serverTasksGeneral?serverTasksGeneral.GeneralWebserverTabs.TabHref=2
url: /admingui/version/serverConfigurationsGeneral?serverConfigurationsGeneral.GeneralWebserverTabs.TabHref=4
path: /admingui/version/
sigma matchers: words: ['Admin Console'] AND words: ['serverConfigurationsGeneral' OR 'serverCertificatesGeneral'] AND status: 200
  • Unauthenticated HTTP GET requests to /admingui/version/* URIs returning HTTP 200 with 'Admin Console' in the body indicate successful authentication bypass exploitation of CVE-2020-9315.
  • A response body containing both 'Admin Console' and either 'serverConfigurationsGeneral' or 'serverCertificatesGeneral' on a 200 OK confirms that the authentication bypass succeeded and that encryption key material may be exposed.
  • Shodan/FOFA fingerprint for exposed Oracle iPlanet Web Server instances: search for cpe:"cpe:2.3:a:oracle:iplanet_web_server" to identify attack surface.
  • Oracle iPlanet Web Server 7.0.x is end-of-life and unsupported; Oracle will not issue patches. The CVE was assigned with a 'PRODUCT NOT SUPPORTED WHEN ASSIGNED' note.
  • The two exploit paths target different admingui/version sub-URIs; both must be tested, as the vulnerability may be present on either endpoint.
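The detection logic in the matcher and bullets above, turned into a scanner over log records, as an added example that is not part of the original page or of any vendor tooling. It assumes a reverse proxy in front of the server that writes one JSON object per transaction with the fields `path`, `status`, `auth_user` (empty when the request carried no valid admin session) and `body_excerpt` (the first bytes of the response body); those field names and the sample records are constructed for this example. Transactions that hit /admingui/version/* unauthenticated with a 200 are reported at medium confidence, and raised to high when the body markers from the sigma matcher are also present.

```python
import json
from typing import Iterable, List, Optional, Tuple

# URI prefix named in the advisory's IOCs.
ADMINGUI_VERSION_PREFIX = "/admingui/version/"
# Body markers from the sigma-style matcher on the page.
BODY_MARKER = "Admin Console"
BODY_ALTERNATIVES = ("serverConfigurationsGeneral", "serverCertificatesGeneral")

# Constructed sample records in an assumed reverse-proxy JSON-lines format.
# None of this is real traffic; line 6 is deliberately malformed.
SAMPLE_LOG = "\n".join([
    json.dumps({"method": "GET", "path": "/admingui/version/serverConfigurationsGeneral?serverConfigurationsGeneral.GeneralWebserverTabs.TabHref=4",
                "status": 200, "auth_user": "", "body_excerpt": "<title>Admin Console</title> ... serverConfigurationsGeneral"}),
    json.dumps({"method": "GET", "path": "/admingui/version/serverConfigurationsGeneral",
                "status": 302, "auth_user": "", "body_excerpt": ""}),
    json.dumps({"method": "GET", "path": "/admingui/version/serverTasksGeneral?serverTasksGeneral.GeneralWebserverTabs.TabHref=2",
                "status": 200, "auth_user": "", "body_excerpt": "<html><head>"}),
    json.dumps({"method": "GET", "path": "/admingui/version/serverCertificatesGeneral",
                "status": 200, "auth_user": "admin", "body_excerpt": "<title>Admin Console</title> serverCertificatesGeneral"}),
    json.dumps({"method": "GET", "path": "/index.html",
                "status": 200, "auth_user": "", "body_excerpt": "<title>Admin Console</title>"}),
    "this line is not json",
])


def body_matches(body: str) -> bool:
    """Sigma-style body test from the page:
    'Admin Console' AND ('serverConfigurationsGeneral' OR 'serverCertificatesGeneral')."""
    return BODY_MARKER in body and any(marker in body for marker in BODY_ALTERNATIVES)


def classify(record: dict) -> Optional[str]:
    """Return 'high', 'medium' or None for one transaction record.

    high   : unauthenticated 200 on /admingui/version/* whose body carries the
             console markers (the page's confirmation criterion)
    medium : unauthenticated 200 on /admingui/version/* without body evidence
    None   : anything else (other paths, redirects/errors, authenticated admins)
    """
    path = record.get("path") or ""
    if not path.startswith(ADMINGUI_VERSION_PREFIX):
        return None                      # not the admin console version URIs
    if record.get("status") != 200:
        return None                      # a redirect to login or a 401/403 is the expected outcome
    if record.get("auth_user"):
        return None                      # an authenticated administrator is normal traffic
    if body_matches(record.get("body_excerpt") or ""):
        return "high"
    return "medium"


def scan(lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Run classify() over JSON-lines records and return (line_no, level, path) findings.
    Malformed lines are skipped so one bad record does not abort the scan."""
    findings: List[Tuple[int, str, str]] = []
    for line_no, line in enumerate(lines, start=1):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue
        level = classify(record)
        if level is not None:
            findings.append((line_no, level, record.get("path") or ""))
    return findings


if __name__ == "__main__":
    for line_no, level, path in scan(SAMPLE_LOG.splitlines()):
        print(f"line {line_no}: {level}: {path}")
```

Because the query string is part of `path` in the assumed log format, the prefix check covers both exploit paths listed in the IOCs without needing per-URI rules; the medium tier exists because most access logs carry no response body, so the body markers can only be applied where a proxy or WAF records an excerpt.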

CVSS provenance

nvd · v3.1 · 7.5 HIGH · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd · v2.0 · 5.0 MEDIUM · AV:N/AC:L/Au:N/C:P/I:N/A:N