ID CVE-2015-1829
Summary Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 10.1.3.5, 11.1.1.7, 11.1.1.9, 12.1.2.0, and 12.1.3.0 allows remote attackers to affect availability via unknown vectors related to Web Listener.
References
Vulnerable Configurations
  • Oracle Fusion Middleware 10g 10.1.3.5
    cpe:2.3:a:oracle:fusion_middleware:10.1.3.5
  • Oracle Fusion Middleware 11.1.1.7
    cpe:2.3:a:oracle:fusion_middleware:11.1.1.7
  • Oracle Fusion Middleware 11.1.1.9
    cpe:2.3:a:oracle:fusion_middleware:11.1.1.9
  • Oracle Fusion Middleware 12.1.2.0
    cpe:2.3:a:oracle:fusion_middleware:12.1.2.0
  • Oracle Fusion Middleware 12.1.3.0
    cpe:2.3:a:oracle:fusion_middleware:12.1.3.0
CVSS
Base: 5.0 (as of 26-05-2016 - 08:50)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
nessus via4
  • NASL family Web Servers
    NASL id ORACLE_HTTP_SERVER_CPU_OCT_2015.NASL
    description The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities:
      - (CVE-2003-1418)
      - A denial of service vulnerability exists in libxml2, related to the xmlParserHandlePEReference() function in file parser.c, due to loading external parameter entities without regard to entity substitution or validation being enabled, as in the case of entity substitution in the doctype prolog. An unauthenticated, remote attacker can exploit this, via specially crafted XML content, to exhaust the system CPU, memory, or file descriptor resources. (CVE-2014-0191)
      - An unspecified vulnerability exists in the Web Listener component that allows an unauthenticated, remote attacker to impact availability. (CVE-2015-1829)
      - (CVE-2015-2808)
      - An unspecified vulnerability exists in the OSSL Module that allows an unauthenticated, remote attacker to impact confidentiality. (CVE-2015-4812)
      - An unspecified vulnerability exists in the Web Listener component that allows an authenticated, remote attacker to impact confidentiality. (CVE-2015-4914)
      - (CVE-2016-2183)
    last seen 2019-01-16
    modified 2018-07-16
    plugin id 86569
    published 2015-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86569
    title Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities (October 2015 CPU)
  • NASL family Web Servers
    NASL id IBM_HTTP_SERVER_PI39833.NASL
    description According to its banner, the version of IBM HTTP Server running on the remote host is potentially affected by a denial of service vulnerability due to an error related to the included Apache Portable Runtime (APR) and named pipe handling. A local attacker, using a 'named pipe squatting attack' from a local process, can exploit this to cause a denial of service. This issue only affects IBM HTTP Server on Windows. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Also note that Nessus has not attempted to determine if the 'PI39833' interim fix or a later patch has been applied. If a patch has already been applied, consider this a false positive.
    last seen 2019-01-16
    modified 2018-07-12
    plugin id 84290
    published 2015-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84290
    title IBM HTTP Server on Windows Apache Portable Runtime (APR) Named Pipe DoS
  • NASL family Web Servers
    NASL id WEBSPHERE_CVE-2015-1829.NASL
    description The IBM HTTP Server running on the remote host is version 6.0 prior to or equal to 6.0.2.43, 6.1 prior to or equal to 6.1.0.47, 7.0 prior to 7.0.0.39, 8.0 prior to 8.0.0.11, or 8.5 prior to 8.5.5.7. It is, therefore, affected by a flaw in the Apache Portable Runtime (APR) that is triggered when an APR application is using APR named pipe support on Windows. A local attacker can exploit this to conduct a pipe squatting attack from a local process.
    last seen 2019-01-16
    modified 2018-08-06
    plugin id 86019
    published 2015-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86019
    title IBM HTTP Server 6.0 <= 6.0.2.43 (FP43) / 6.1 <= 6.1.0.47 (FP47) / 7.0 < 7.0.0.39 (FP39) / 8.0 < 8.0.0.11 (FP11) / 8.5 < 8.5.5.7 (FP7) Named Pipe DoS
refmap via4
bid 75164
confirm
sectrack 1032617
Last major update 29-11-2016 - 21:59
Published 21-10-2015 - 17:59