Lucene search
K

179 matches found

CVE
CVE
added 2019/07/10 7:9 p.m.166 views

CVE-2019-0327

This CVE affects SAP NetWeaver for Java Application Server Web Container. The vulnerability allows an attacker to upload files (including script files) due to inadequate file format validation in engineapi (versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5) and servercode (versions 7.2, 7.3, 7.31, 7.4, 7.5)...

7.2CVSS7AI score0.02098EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/04/30 12:0 a.m.6 views

The vulnerability of the Web Container sub-component of the Oracle Service Bus component of the Oracle Fusion Middleware software platform allows a attacker to cause a service failure.

The vulnerability of the Web Container sub-component of the Oracle Service Bus component of the Oracle Fusion Middleware software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service failures using the HTTP protocol...

5.3CVSS6.3AI score0.0152EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2019/04/23 7:32 p.m.5 views

CVE-2019-2576

Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

5.3CVSS6.3AI score0.0152EPSS
Exploits0References1
NVD
NVD
added 2019/04/23 7:32 p.m.20 views

CVE-2019-2576

Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...

5.3CVSS4.3AI score0.0152EPSS
Exploits0References1
CNVD
CNVD
added 2019/04/17 12:0 a.m.3 views

Oracle Fusion Middleware Service Bus Access Control Error Vulnerability

Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platform for enterprise and cloud environments from Oracle. The platform provides middleware, software collections, etc. Service Bus is one of the components that supports the interaction between managed services an...

5.3CVSS6.6AI score0.0152EPSS
Exploits0References1
CVE
CVE
added 2018/12/11 11:0 p.m.62 views

CVE-2018-2504

CVE-2018-2504 affects SAP NetWeaver AS Java Web Container. The issue arises because the HTTP Host header is not validated against a whitelist, enabling potential HTTP Host Header Manipulation and related XSS . Root cause: missing host header whitelisting in the web container. Impact is mitigated ...

6.1CVSS5.9AI score0.01064EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2018/12/11 10:29 p.m.20 views

Cross site scripting

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting XSS vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...

4.3CVSS6AI score0.01064EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2018/12/11 10:29 p.m.28 views

CVE-2018-2504

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting XSS vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...

6.1CVSS6AI score0.01064EPSS
Exploits0References3
OSV
OSV
added 2018/12/11 10:29 p.m.3 views

CVE-2018-2504

SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting XSS vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...

6.1CVSS5.8AI score0.01064EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 6:59 a.m.26 views

Security Bulletin: Potential Denial of Service in IBM WebSphere Application Server CVE-2014-0050

Summary Apache Commons FileUpload used by IBM WebSphere Application Server may be vulnerable to a denial of service. Vulnerability Details CVEID: CVE-2014-0050 Description: Potential denial of service in Apache Commons FileUpload CVSS Base Score: 5 CVSS Temporal Score: See...

7.5CVSS6.8AI score0.83175EPSS
Exploits8Affected Software4
IBM Security Bulletins
IBM Security Bulletins
added 2018/06/15 6:59 a.m.17 views

Security Bulletin: WebSphere eXtreme Scale and WebSphere DataPower XC10 Appliance client vulnerability (CVE-2013-6734)

Summary In certain configurations, a security vulnerability exists in WebSphere eXtreme Scale Client, the client that is used with WebSphere eXtreme Scale and WebSphere DataPower XC10 Appliance. WebSphere eXtreme Scale Client might allow cached HTTP session data of one user to be accessed by a...

3.5CVSS1.1AI score0.00951EPSS
Exploits0Affected Software2
CNVD
CNVD
added 2018/05/22 12:0 a.m.4 views

Unspecified Content Spoofing Vulnerability in SAP NetWeaver Application Server Java Web Container and HTTP Service

SAP NetWeaver is Germany's SAP SAP company's set of service-oriented integrated application platform, the platform can provide development and operation environment for SAP applications. Application Server Java Web Container is one of the Java application running environment; HTTP Service is an...

4.7CVSS5AI score0.01165EPSS
Exploits0References1
OSV
OSV
added 2018/05/09 8:29 p.m.5 views

CVE-2018-2415

SAP NetWeaver Application Server Java Web Container and HTTP Service Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50 do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are...

4.7CVSS5.8AI score0.01165EPSS
Exploits0References3
CVE
CVE
added 2018/05/09 8:0 p.m.52 views

CVE-2018-2415

The CVE-2018-2415 issue affects SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, 7.10–7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50). It arises from insufficient encoding of user-controlled inputs, leading to a content spoofing...

4.7CVSS4.7AI score0.01165EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2017/10/19 5:29 p.m.23 views

CVE-2017-10385

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish...

6.8CVSS5.6AI score0.0121EPSS
Exploits0References3
OSV
OSV
added 2017/10/19 5:29 p.m.4 views

CVE-2017-10393

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish...

6.3CVSS7.3AI score0.0121EPSS
Exploits0References3
OSV
OSV
added 2017/10/19 5:29 p.m.5 views

CVE-2017-10385

Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish...

6.3CVSS7.3AI score0.0121EPSS
Exploits0References3
OSV
OSV
added 2017/10/19 5:29 p.m.3 views

CVE-2017-10334

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP t...

4.3CVSS7.3AI score0.01053EPSS
Exploits0References2
NVD
NVD
added 2017/10/19 5:29 p.m.29 views

CVE-2017-10334

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP t...

4.3CVSS2.8AI score0.01053EPSS
Exploits0References2
OSV
OSV
added 2017/10/19 5:29 p.m.3 views

CVE-2017-10152

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

6.5CVSS7.3AI score0.01914EPSS
Exploits0References3
Rows per page
Query Builder