#VU27700 Code Injection in Sun ONE/iPlanet Web Server - CVE-2020-9314

 


Published: May 12, 2020


Vulnerability identifier: #VU27700
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2020-9314
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Sun ONE/iPlanet Web Server
Software vendor: Sun

Description

The vulnerability allows a remote attacker to perform a phishing attack.

The vulnerability exists due to improper input validation when processing HTTP requests within the "/admingui/version/" URL in the Administration Console. A remote attacker can send a specially crafted request and permanently inject arbitrary images.

Note: this vulnerability exists due to an incomplete fix for SB2012050302 (CVE-2012-0516).


Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Note, this product is no longer supported by the vendor.
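With no fix available, one compensating check is to review access logs for requests to the affected "/admingui/version/" path that come from outside the management network. The following is an added example, not part of the original advisory or any vendor tooling; the Common Log Format layout, the `ADMIN_NETS` range and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import posixpath
import re
from urllib.parse import unquote

WATCHED_PREFIX = "/admingui/version/"  # path named in the advisory
# Assumption: hypothetical management network allowed to reach the console.
ADMIN_NETS = [ipaddress.ip_network("10.20.0.0/24")]
# Assumption: Common Log Format, host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) \S+')

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '10.20.0.15 - admin [12/May/2020:09:01:12 +0000] "GET /admingui/version/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/May/2020:09:03:40 +0000] "GET /AdminGUI/%76ersion/a?b=1 HTTP/1.1" 200 64',
    '203.0.113.7 - - [12/May/2020:09:03:41 +0000] "GET /admingui/./version//a HTTP/1.1" 200 64',
    '198.51.100.9 - - [12/May/2020:09:05:02 +0000] "GET /admingui/versions.html HTTP/1.1" 404 0',
]

def normalize(target):
    """Decode and collapse a request target so encoded or dotted variants still match."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(3):  # undo up to three layers of percent-encoding
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    path = re.sub(r"/{2,}", "/", path.replace("\\", "/").lower())
    return posixpath.normpath(path)  # resolves "." and ".." segments

def review(lines):
    """Return (source, method, path, status) for watched requests from outside ADMIN_NETS."""
    findings = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue
        host, method, target, status = m.groups()
        path = normalize(target)
        if not (path.rstrip("/") + "/").startswith(WATCHED_PREFIX):
            continue
        try:
            trusted = any(ipaddress.ip_address(host) in net for net in ADMIN_NETS)
        except ValueError:  # hostname instead of an address: treat as untrusted
            trusted = False
        if not trusted:
            findings.append((host, method, path, int(status)))
    return findings
```

Calling `review(SAMPLE_LOG)` returns the two requests from 203.0.113.7; the request from the management network and the look-alike `/admingui/versions.html` path are not reported.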

