Security News > 2020 > May > Unpatched Bugs in Oracle iPlanet Open Door to Info-Disclosure, Injection
A pair of vulnerabilities in Oracle's iPlanet Web Server have been disclosed that can lead to sensitive data exposure and image injections onto web pages if exploited.
The bugs are specifically found in the web administration console of iPlanet version 7, which has reached end-of-life and is no longer supported - hence no patches.
Oracle pointed the researchers to its EOL statement when the bug report was submitted.
"Thank you for your report regarding Oracle iPlanet Web Server 7.0.x, which is no longer supported by Oracle," said the vendor.
"Since Oracle no longer supports Oracle iPlanet Web Server 7.0.x, the policy is that there is no coordinated disclosure involving Oracle. Reporters who discover security vulnerabilities in products that Oracle no longer supports are free to disclose vulnerability details without Oracle participation."
News URL
https://threatpost.com/unpatched-bugs-oracle-iplanet/155639/