Japan Vulnerability Notes (jvn), JVN:93541851
Jan 24, 2024 - 12:00 a.m.

JVN#93541851: Oracle WebLogic Server vulnerable to HTTP header injection

2024-01-24 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS3: 8.6

  • Attack Vector: NETWORK
  • Attack Complexity: LOW
  • Privileges Required: NONE
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: NONE
  • Integrity Impact: HIGH
  • Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N

AI Score: 6.5 (Confidence: High)

EPSS: 0.001 (Percentile: 17.8%)

Oracle WebLogic Server provided by Oracle contains an HTTP header injection vulnerability (CWE-113).

Impact

A remote attacker could exploit this vulnerability to conduct attacks such as cross-site scripting. As a result, the displayed page may be altered, or an arbitrary script may be executed in the web browser of a user of the product.

Solution

Update the software
Update the software to the latest version according to the information provided by the developer.

Products Affected

  • Oracle WebLogic Server 12.2.1.4.0
  • Oracle WebLogic Server 14.1.1.0.0
