A vulnerability has been reported in Oracle HTTP Server, which can be exploited by malicious, local users to gain escalated privileges. This vulnerability resides in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is aﬀected is 22.214.171.124. The ﬂaw can easily be exploited by a low privileged attacker, with logon to the infrastructure where Oracle HTTP Server executes, to compromise Oracle HTTP Server which can be taken over if the attack is successful.
Oracle HTTP Server 12.x