The versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the July 2024 CPU advisory:

  - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (zlib)). The     supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker     with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result     in takeover of Oracle HTTP Server. (CVE-2023-45853)

  - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (LibExpat)). The     supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker     with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result     in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server.
    (CVE-2023-52425)

  - Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: SSL Module (libxml2)). The     supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker     with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result     in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server.
    (CVE-2024-25062)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Detections

Analytics

Oracle HTTP Server (July 2024 CPU)

critical Nessus Plugin ID 202723

Version 1.3

Version 1.2

Version 1.1

Version 1.3 Oct 18, 2024, 8:22 PM IAVM reference STIG Severity Plugin Feed: 202410182022
Version 1.2 Jul 22, 2024, 12:05 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Exploit attributes ("Exploit available" set to "True") Exploit attributes ("Exploitability ease" set to "Exploits are available") Plugin Feed: 202407221205
Version 1.1 Jul 19, 2024, 11:40 PM New Plugin Feed: 202407192340