Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 17, 2023Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]March 17, 2023Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]March 17, 2023Severity Medium Analysis Summary Ursnif banking trojan also known as Gozi and Dreambot has been around for more than 10 years. It gained popularity in 2015 […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Platform
Managed Security Services
Managed Penetration Testing
Rewterz penetration testing services help organizations determine if a cyber attacker can gain access to their critical assets while giving them detailed insights of the overall business impact of a cyber attack.
Resources
March 17, 2023Severity High Analysis Summary Chaos is a customizable ransomware builder that emerged on June 9 2021 (in underground forums) by falsely marketing itself as the .NET […]March 17, 2023Severity High Analysis Summary CVE-2023-26361 CVSS:4.9 Adobe ColdFusion could allow a remote authenticated attacker to traverse directories on the system. An attacker could send a specially […]March 17, 2023Severity Medium Analysis Summary Ursnif banking trojan also known as Gozi and Dreambot has been around for more than 10 years. It gained popularity in 2015 […]Threat Insights
Before Rewterz got its start, the market was in dire need of a specialized and dedicated information security company. It was nearly impossible for businesses to find a trustworthy provider that could truly cover all of their bases. We wanted to meet this need, giving companies across the globe a chance to get ahead while knowing that their data is in good hands.
Connect with Us
Rewterz Threat Advisory – Oracle Java SE Embedded Multiple Vulnerabilities
October 17, 2018Rewterz Threat Advisory – CVE-2018-6974, CVE-2018-3646 – VMware ESXi Multiple Vulnerabilities
October 18, 2018
CVE-2018-1000122, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000300, CVE-2018-1000301
Oracle has released updates for fixing multiple vulnerabilities in Oracle HTTP Server.
IMPACT: MEDIUM
PUBLISH DATE: 18-10-2018
OVERVIEW
Multiple vulnerabilities have been reported in Oracle HTTP Server. People with malicious intent can exploit these vulnerabilities to disclose potentially sensitive information, launch Denial of Service attacks and compromise a vulnerable system.
ANALYSIS
Following vulnerabilities have been found in Oracle HTTP Server.
CVE-2018-1000122
A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code. This vulnerability allows an attacker to leak information or induce a Denial of Service condition.
CVE-2018-1000120
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 when it handles FTP URL. This may lead to Denial of Service or far worse consequences.
CVE-2018-1000121
A NULL pointer deference in curl 7.21.0 to and including curl 7.58.0 in the LDAP code may allow an attacker to cause a Denial of Service.
CVE-2018-1000300
Curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more. This may lead curl to overflow a heap-based memory buffer when closing down an FTP connection with very long server command replies. Fixed versions for this vulnerability are curl < 7.54.1 and curl >= 7.60.0.
CVE-2018-1000301
CURL version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service. Curl can be tricked into reading data beyond the end of a heap-based buffer used to store downloaded RTSP content.
CURL versions < 7.20.0 and curl >= 7.60.0 have been fixed for this vulnerability.
AFFECTED PRODUCTS
Oracle HTTP Server 12.x
UPDATES
Apply relevant updates to avoid being a potential victim of successful exploitation of these vulnerabilities.
https://support.oracle.com/rs?type=doc&id=2433477.1
(users will need to login to access the link)