CVE-2017-10055 : Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middle

Vulnerability in the Oracle iPlanet Web Server component of Oracle Fusion Middleware (subcomponent: Admin Graphical User Interface). The supported version that is affected is 7.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iPlanet Web Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iPlanet Web Server, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iPlanet Web Server accessible data as well as unauthorized read access to a subset of Oracle iPlanet Web Server accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).

Published 2017-10-19 17:29:01

Updated 2019-10-03 00:03:26

Source Oracle

View at NVD, CVE.org

Products affected by CVE-2017-10055

Oracle » Iplanet Web Server » Version: 7.0
cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2017-10055

Top countries where our scanners detected CVE-2017-10055

Top open port discovered on systems with this issue 443

IPs affected by CVE-2017-10055 769

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2017-10055!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2017-10055

EPSS FAQ

0.39%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 57 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2017-10055

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
5.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:N	8.6	4.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None
6.1	MEDIUM	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N	2.8	2.7	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Changed Confidentiality: Low Integrity: Low Availability: None

References for CVE-2017-10055

http://www.securityfocus.com/bid/101374

Oracle iPlanet Web Server CVE-2017-10055 Remote Security Vulnerability
Third Party Advisory;VDB Entry
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html

Oracle Critical Patch Update - October 2017
Patch;Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1039605

Oracle iPlanet Web Server Flaw in Admin GUI Lets Remote Users Partially Access and Modify Data on the Target System - SecurityTracker
Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2017-10055

Products affected by CVE-2017-10055

Threat overview for CVE-2017-10055

Exploit prediction scoring system (EPSS) score for CVE-2017-10055

CVSS scores for CVE-2017-10055

References for CVE-2017-10055