Exploit for Oracle iPlanet Web Server 7.0.x - Authentication Bypass (CVE-2020-9315)

Description:

Oracle iPlanet Web Server 7.0.x has incorrect access control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE.

Nuclei Template

View the template here: CVE-2020-9315.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-9315.yaml

References:

https://www.oracle.com/support/lifetime-support/
https://www.cvebase.com/cve/2020/9315
https://wwws.nightwatchcybersecurity.com/2020/05/10/two-vulnerabilities-in-oracles-iplanet-web-server-cve-2020-9315-and-cve-2020-9314/
https://www.oracle.com/us/assets/lifetime-support-middleware-069163.pdf
https://nvd.nist.gov/vuln/detail/CVE-2020-9315