SB2020052539 - Information disclosure in Oracle HTTP Server
Published: May 25, 2020
Security Bulletin ID
SB2020052539
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2015-3195)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists in the ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL. A remote attacker can gain unauthorized access to sensitive information from process memory by triggering a decoding failure in a PKCS#7 or CMS application.
Remediation
Install update from vendor's website.