Text Form of Oracle Security Alert - CVE-2011-3192 Risk Matrix



This document provides the text form of the CVE-2011-3192 Advisory Risk Matrix. Please note that the CVE number in this document correspond to the same CVE number in the CVE-2011-3192 Advisory

This page contains the following text format Risk Matrix:

 

Text Form of Risk Matrix for Oracle Fusion Middleware


This table provides the text form of the Risk Matrix for Oracle Fusion Middleware.

CVE IdentifierDescription
CVE-2011-3192Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware. Supported versions that are affected are 10.1.2.3 (Companion CD), 10.1.3.5 (Companion CD), 11.1.1.3, 11.1.1.4 and 11.1.1.5. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle HTTP Server.

Note: The National Vulnerability Database has reported a CVSS Base Score for this vulnerability of 7.8 indicating a complete Operating System denial of service (DOS); however a complete Operating System denial of service is not possible on any platform supported by Oracle, and as a result, Oracle has given the vulnerability a CVSS Base Score of 5.0 indicating a complete denial of service of the Oracle HTTP Server but not the Operating System.

CVSS Base Score 5.0 (Availability impacts). CVSS V2 Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P). (legend) [Advisory]