A pair of vulnerabilities in Oracle s iPlanet Web Server have been disclosed that can lead to sensitive data exposure and image injections onto web pages if exploited. The bugs are specifically found in the web administration console of iPlanet version 7, which has reached end-of-life and is no longer supported. No patch is forthcoming for either flaw; all is not lost: Users can implement other controls to mitigate the problem and reduce risk. Oracle pointed the researchers to its EOL statement when the bug report was submitted.
Source: https://threatpost.com/unpatched-bugs-oracle-iplanet/155639/