CVE-2002-0840
- EPSS 91.95%
- Published 11.10.2002 04:00:00
- Last modified 03.04.2025 01:03:51
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web pag...
CVE-2002-0843
- EPSS 3.78%
- Published 11.10.2002 04:00:00
- Last modified 03.04.2025 01:03:51
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
CVE-2002-0947
- EPSS 8.59%
- Published 04.10.2002 04:00:00
- Last modified 03.04.2025 01:03:51
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.
- EPSS 10.41%
- Published 04.10.2002 04:00:00
- Last modified 03.04.2025 01:03:51
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.
CVE-2002-0655
- EPSS 0.88%
- Published 12.08.2002 04:00:00
- Last modified 03.04.2025 01:03:51
OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64-bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2002-0656
- EPSS 89.06%
- Published 12.08.2002 04:00:00
- Last modified 03.04.2025 01:03:51
Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.
- EPSS 13.5%
- Published 12.08.2002 04:00:00
- Last modified 03.04.2025 01:03:51
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
CVE-2002-0559
- EPSS 26.41%
- Published 03.07.2002 04:00:00
- Last modified 03.04.2025 01:03:51
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP L...
- EPSS 7.51%
- Published 03.07.2002 04:00:00
- Last modified 03.04.2025 01:03:51
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
CVE-2002-0561
- EPSS 6.96%
- Published 03.07.2002 04:00:00
- Last modified 03.04.2025 01:03:51
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.