Vulnerable versions are susceptible to DDoS attacks. DDoS attacks may cause Oracle Coherence to stop responding to requests from clients, resulting in potential outages. Note: In Oracle Coherence version 12.2.1.3.0 and below, there are a few different types of issue that attackers might exploit. The following shows one type of issue that can be exploited by attackers. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Oracle Coherence DDoS Protection

Oracle Coherence DDoS Protection is the first of its kind to offer a DDoS mitigation capability. Oracle Coherence DDoS Protection offers a unified and holistic approach to provide intelligent protection against various types of network attacks. Oracle Coherence DDoS Protection is scalable, enabling you to protect an entire enterprise or an individual server within minutes.
Oracle Coherence DDoS Protection can intelligently detect and mitigate all types of network attacks, including SYN floods, application layer (HTTP) floods, UDP floods, ICMP floods, TCP connect floods and more. Oracle Coherence DDoS Protection also provides powerful traffic analysis capabilities that allow you to identify the source IP address of any attack.

Oracle Coherence 12.2.1.3.0: Authentication bypass and SSL usage attacks

Oracle Coherence 12.2.1.3.0 is vulnerable to two major types of attack: authentication bypass and SSL usage attacks. These can lead to unauthorized access and unauthorized usage of SSL connections, which can result in information disclosure and denial of service (DoS) attacks on Oracle Coherence 12.2.1.3.0 and its clients.

References:

- "CVE-2022-21420"
- "Oracle Coherence 12.2.1.3.0 and below are vulnerable to DDoS attacks."

Oracle Coherence Services

Vulnerable versions of Oracle Coherence are susceptible to DDoS attacks. DDoS attacks may cause Oracle Coherence to stop responding to requests from clients, resulting in potential outages. Note: In Oracle Coherence version 12.2.1.3.0 and below, there are a few different types of issue that attackers might exploit. The following shows one type of issue that can be exploited by attackers. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Timeline

Published on: 04/19/2022 21:15:00 UTC
Last modified on: 04/27/2022 17:58:00 UTC

References