Top
image credit: Christoph Scholz / Flickr

Data leak, phishing security flaws disclosed in Oracle iPlanet Web Server

May 11, 2020

Via: ZDnet
Category:

A set of vulnerabilities impacting Oracle’s iPlanet Web Server has been disclosed by researchers.

Tracked as CVE-2020-9315 and CVE-2020-9314, the security flaws allow for sensitive data exposure and limited injection attacks.

First discovered by Nightwatch Cybersecurity researchers on January 19, 2020, the issues were found in the web administration console of the enterprise server management system.

CVE-2020-9315 permits the read of any page within the console, without authentication, by simply replacing an admin GUI URL for the target page. The researchers say that this bug could result in the leak of sensitive data, including configuration information and encryption keys.

Read More on ZDnet

RELATED PUBLICATIONS

Focusing on the wrong open source issues
7 innovative ways to use low-code tools and platforms
How to upstream code to open source projects

Latest Publications

US Senate passes bill to ban TikTok: Here’s what happens now
Is the Arm version of Windows ready for its close-up?
Gemini Code Assist to Create APIs, Integrations, and Automation Flows in Public Preview
Software Curated Copyright © 2024. All rights reserved
Go to ITCurated!