179 matches found
CVE-2019-0327
This CVE affects SAP NetWeaver for Java Application Server Web Container. The vulnerability allows an attacker to upload files (including script files) due to inadequate file format validation in engineapi (versions 7.1, 7.2, 7.3, 7.31, 7.4, 7.5) and servercode (versions 7.2, 7.3, 7.31, 7.4, 7.5)...
The vulnerability of the Web Container sub-component of the Oracle Service Bus component of the Oracle Fusion Middleware software platform allows a attacker to cause a service failure.
The vulnerability of the Web Container sub-component of the Oracle Service Bus component of the Oracle Fusion Middleware software is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to cause service failures using the HTTP protocol...
CVE-2019-2576
Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
CVE-2019-2576
Vulnerability in the Oracle Service Bus component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
Oracle Fusion Middleware Service Bus Access Control Error Vulnerability
Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platform for enterprise and cloud environments from Oracle. The platform provides middleware, software collections, etc. Service Bus is one of the components that supports the interaction between managed services an...
CVE-2018-2504
CVE-2018-2504 affects SAP NetWeaver AS Java Web Container. The issue arises because the HTTP Host header is not validated against a whitelist, enabling potential HTTP Host Header Manipulation and related XSS . Root cause: missing host header whitelisting in the web container. Impact is mitigated ...
Cross site scripting
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting XSS vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...
CVE-2018-2504
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting XSS vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...
CVE-2018-2504
SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting XSS vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50...
Security Bulletin: Potential Denial of Service in IBM WebSphere Application Server CVE-2014-0050
Summary Apache Commons FileUpload used by IBM WebSphere Application Server may be vulnerable to a denial of service. Vulnerability Details CVEID: CVE-2014-0050 Description: Potential denial of service in Apache Commons FileUpload CVSS Base Score: 5 CVSS Temporal Score: See...
Security Bulletin: WebSphere eXtreme Scale and WebSphere DataPower XC10 Appliance client vulnerability (CVE-2013-6734)
Summary In certain configurations, a security vulnerability exists in WebSphere eXtreme Scale Client, the client that is used with WebSphere eXtreme Scale and WebSphere DataPower XC10 Appliance. WebSphere eXtreme Scale Client might allow cached HTTP session data of one user to be accessed by a...
Unspecified Content Spoofing Vulnerability in SAP NetWeaver Application Server Java Web Container and HTTP Service
SAP NetWeaver is Germany's SAP SAP company's set of service-oriented integrated application platform, the platform can provide development and operation environment for SAP applications. Application Server Java Web Container is one of the Java application running environment; HTTP Service is an...
CVE-2018-2415
SAP NetWeaver Application Server Java Web Container and HTTP Service Engine API, from 7.10 to 7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50 do not sufficiently encode user controlled inputs, resulting in a content spoofing vulnerability when error pages are...
CVE-2018-2415
The CVE-2018-2415 issue affects SAP NetWeaver Application Server Java Web Container and HTTP Service (Engine API, 7.10–7.11, 7.30, 7.31, 7.40, 7.50; J2EE Engine Server Core 7.11, 7.30, 7.31, 7.40, 7.50). It arises from insufficient encoding of user-controlled inputs, leading to a content spoofing...
CVE-2017-10385
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish...
CVE-2017-10393
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish...
CVE-2017-10385
Vulnerability in the Oracle GlassFish Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 3.0.1 and 3.1.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle GlassFish...
CVE-2017-10334
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP t...
CVE-2017-10334
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP t...
CVE-2017-10152
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: Web Container. Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...