Oracle

Application Server

198 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
6.8

CVE-2002-0840

  • EPSS 91.95%
  • Veröffentlicht 11.10.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web pag...

7.5

CVE-2002-0843

  • EPSS 3.78%
  • Veröffentlicht 11.10.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

7.5

CVE-2002-0947

  • EPSS 8.59%
  • Veröffentlicht 04.10.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.

5

CVE-2002-1089

  • EPSS 10.41%
  • Veröffentlicht 04.10.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.

7.5

CVE-2002-0655

  • EPSS 0.88%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.

7.5

CVE-2002-0656

  • EPSS 89.06%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

5

CVE-2002-0659

  • EPSS 13.5%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

7.5

CVE-2002-0559

  • EPSS 26.41%
  • Veröffentlicht 03.07.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP L...

5

CVE-2002-0560

  • EPSS 7.51%
  • Veröffentlicht 03.07.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.

7.5

CVE-2002-0561

  • EPSS 6.96%
  • Veröffentlicht 03.07.2002 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.