http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html

1033907

The version of Oracle HTTP Server installed on the remote host is affected by multiple vulnerabilities :

  - (CVE-2003-1418)

  - A denial of service vulnerability exists in libxml2,     related to the xmlParserHandlePEReference() function in     file parser.c, due to loading external parameter     entities without regard to entity substitution or     validation being enabled, as in the case of entity     substitution in the doctype prolog. An unauthenticated,     remote attacker can exploit this, via specially crafted     XML content, to exhaust the system CPU, memory, or file     descriptor resources. (CVE-2014-0191)

  - An unspecified vulnerability exists in the Web Listener     component that allows an unauthenticated, remote     attacker to impact availability. (CVE-2015-1829)

  -  (CVE-2015-2808)

  - An unspecified vulnerability exists in the OSSL Module     that allows an unauthenticated, remote attacker to     impact confidentiality. (CVE-2015-4812)

  - An unspecified vulnerability exists in the Web Listener     component that allows an authenticated, remote attacker     to impact confidentiality. (CVE-2015-4914)

  - (CVE-2016-2183)

CVE-2015-4812

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins