Oracle HTTP Server and WebLogic Server Proxy Plug-in Vulnerability Allowing Unauthenticated Data Access and Modification

Vulnerability

A vulnerability exists in Oracle HTTP Server and the Oracle WebLogic Server Proxy Plug-in for Apache HTTP Server and IIS, specifically in versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0. This easily exploitable vulnerability allows an unauthenticated attacker with network access via HTTP to compromise the affected server. While the vulnerability originates in Oracle HTTP Server, the impact extends to additional products, leading to unauthorized creation, deletion, or modification of critical data. It also allows unauthorized access to critical data or complete access to all data accessible through the affected Oracle HTTP Server or WebLogic Server Proxy Plug-in.

Impact

Exploitation of this vulnerability could result in unauthorized access to, and modification of, critical data, or all data accessible through the affected Oracle HTTP Server or WebLogic Server Proxy Plug-in.

Added: Jan 20, 2026, 10:56 PM
Updated: Jan 20, 2026, 10:56 PM

Vulnerability Rating

Custom Algorithm

spread: 6.4
impact: 1.7
exploitability: 7.2
remediation: 0.0
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.