CVE-2020-9314 Scanner - Image Injection vulnerability in Oracle iPlanet Web Server
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 18 days 1 hour
Scan only one: URL
Oracle iPlanet Web Server is a reliable and widely used web server developed by Oracle. It is commonly deployed in commercial and enterprise environments to serve web pages and applications, where it offers efficient management and high performance under many concurrent requests. The older 7.0.x version of the server, however, has known vulnerabilities, including the image injection flaw covered here. Organizations using Oracle iPlanet Web Server can benefit from its robust integration capabilities, especially in environments that need consistent and scalable web hosting.
The vulnerability is an Image Injection flaw in Oracle iPlanet Web Server 7.0.x. It allows attackers to insert malicious images into the Administration console through the productNameSrc parameter. The injected image can be used for phishing or to trick users into providing sensitive information. The flaw exists because the fix applied for a previously reported vulnerability, CVE-2012-0516, was incomplete. It shows the risk of interface manipulation when such an issue is left unaddressed.
Technically, the vulnerability lies in the admingui URI of Oracle iPlanet Web Server, specifically in the handling of the productNameSrc parameter. An attacker can use a crafted URL to inject a malicious image into the admin console. The flaw can be found in the '/admingui/version/Version' and '/admingui/version/Masthead.jsp' endpoints. It requires minimal interaction, and once triggered it lets attackers mislead users who are working in the administration interface. Interaction with the injected image could potentially cause malicious content execution.
Exploitation of this image injection vulnerability could have several negative outcomes. The most significant risk is social engineering, where manipulated visuals mislead a user into providing confidential information. Attackers could also use the vulnerability for phishing attacks that compromise user data. Interface manipulation based on the injected images could disrupt administrative operations. These attacks might also obscure malicious alterations to the system configuration, leading to further security breaches.
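For asset owners reviewing their own server, the following added example (not part of the original page or of any scanner's code) flags access-log requests to the admingui version endpoints whose productNameSrc value points off-host. It assumes common-log-format lines; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

ADMIN_PREFIX = "/admingui/version/"   # endpoint prefix named on the page
PARAM = "productNameSrc"              # parameter named on the page

# Constructed sample lines (not captured from a real server).
SAMPLE_LOG = [
    '10.0.0.5 - admin [12/Mar/2020:10:01:22 +0000] "GET /admingui/version/Masthead.jsp'
    '?productNameSrc=../images/productName.png HTTP/1.1" 200 512',
    '203.0.113.9 - - [12/Mar/2020:10:04:10 +0000] "GET /admingui/version/Masthead.jsp'
    '?productNameSrc=https%3A%2F%2Fimg.example.invalid%2Flogo.png HTTP/1.1" 200 530',
    '203.0.113.9 - - [12/Mar/2020:10:04:31 +0000] "GET /admingui/version/Version'
    '?productNameSrc=//img.example.invalid/logo.png&x=1 HTTP/1.1" 200 498',
    '10.0.0.5 - - [12/Mar/2020:10:05:02 +0000] "GET /index.html'
    '?productNameSrc=https://img.example.invalid/a.png HTTP/1.1" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def external_image_refs(log_lines):
    """Return (line_no, path, value) for admin-console requests whose
    productNameSrc value is an absolute or protocol-relative URL."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.startswith(ADMIN_PREFIX):
            continue  # only the admin console endpoints are of interest
        # parse_qs percent-decodes, so encoded URLs are compared in clear form
        for value in parse_qs(target.query).get(PARAM, []):
            ref = urlsplit(value)
            if ref.scheme or ref.netloc:  # not a local, relative image path
                hits.append((line_no, target.path, value))
    return hits

if __name__ == "__main__":
    for hit in external_image_refs(SAMPLE_LOG):
        print("review:", hit)
```

A hit is a prompt to review the request and its referrer, not proof that an administrator saw an altered console.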