9828 matches found
CVE-2002-0564
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials...
CVE-2002-0560
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns...
CVE-2002-0566
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type...
CVE-2002-0568
CVE-2002-0568 concerns Oracle 9i Application Server where XSQLConfig.xml and soapConfig.xml configuration files are stored insecurely and may be retrieved via a virtual directory. This allows local users to obtain sensitive information, including usernames and passwords, as described in the OpenV...
CVE-2002-0561
CVE-2002-0561 affects Oracle 9i Application Server's PL/SQL Gateway web administration interface. The default configuration uses null authentication, allowing remote attackers to bypass access controls and modify DAD/settings via the PL/SQL gateway administration pages. Details in connected advis...
CVE-2002-0568
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory...
CVE-2002-0564
CVE-2002-0564 affects Oracle 9i Application Server 1.0.2.x via PL/SQL module 3.0.9.8.2. An attacker can bypass authentication for a Database Access Descriptor (DAD) by altering the URL to reference a different DAD that already has valid credentials, enabling unauthorized access. The description n...
CVE-2002-0560
Oracle 9i Application Server 1.0.2.x with PL/SQL module 3.0.9.8.2 exposes OWA_UTIL procedures (signature, listprint, show_query_columns) to remote attackers, enabling information disclosure. Affected component is the PL/SQL gateway (mod_plsql) in Oracle 9iAS; exploitation involves unauthenticated ...
CVE-2002-0566
CVE-2002-0566 affects Oracle 9i Application Server (iAS) with the PL/SQL module 3.0.9.8.2. The vulnerability allows an unauthenticated remote attacker to crash the Apache-based PL/SQL service by sending a malformed HTTP Authorization header (no auth type). Impact is denial of service (partial ava...
CVE-2002-0562
CVE-2002-0562 affects Oracle 9i Application Server 1.0.2.x when running Oracle JSP or SQLJSP. The default configuration stores globals.jsa under the web root, enabling a remote attacker to obtain sensitive data (e.g., usernames and passwords) by directly requesting globals.jsa via HTTP. The vulne...
CVE-2002-0562
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa...
CVE-2002-0559
The CVE-2002-0559 entry concerns a buffer overflow in Oracle9i Application Server’s Apache PL/SQL module exposed via the PL/SQL gateway (mod_plsql). The vulnerability arises from processing long inputs (e.g., long HTTP requests, long DAD passwords, long Authorization headers, or long cache direct...
CVE-2002-0563
CVE-2002-0563 describes a vulnerability in Oracle 9i Application Server 1.0.2.x where the default configuration allows remote anonymous access to sensitive services without authentication. Affected components include Dynamic Monitoring Services (dms0, dms/DMSDump, servlet/DMSDump, servlet/Spy, so...
Oracle Application Server contains format string vulnerability
Overview The CERT/CC is aware of a report about a "remotely exploitable format string vulnerability in Oracle Application Server" that could allow an unauthenticated, remote attacker to execute arbitrary code on a vulnerable system. Description Oracle Application Server uses the Apache HTTP Serve...
CVE-2002-1641
Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors...
CVE-2001-1189
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script...
CVE-2001-1216
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page...
CVE-2001-1217
Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences...
CVE-2001-1189
IBM WebSphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, enabling local users to retrieve passwords via a JSP script. Affected software: IBM WebSphere Application Server prior to 3.5.3. Root cause: credentials stored in cleartext. Impact: loc...
Oracle9i Application Server PL/SQL Gateway web administration interface uses null authentication by default
Overview A vulnerability exists in the Apache Procedural Language/Structured Query Language (PL/SQL) module used by Oracle 9i Application Server (iAS). In its default configuration, the PL/SQL module grants unauthenticated access to the PL/SQL gateway web-based administration interface. Description...