Oracle Application Server 1.0.2

29 matches found

added 2003/04/02 5:00 a.m., 283 views

CVE-2001-1371

The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.

CVSS 7.5, AI score 9, EPSS 0.04432

added 2002/08/12 4:00 a.m., 181 views

CVE-2002-0656

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

CVSS 7.5, AI score 9.6, EPSS 0.82491

added 2004/09/01 4:00 a.m., 131 views

CVE-2002-0840

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vuln...

CVSS 6.8, AI score 8.4, EPSS 0.88769

added 2002/07/03 4:00 a.m., 128 views

CVE-2002-0562

The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.

CVSS 5, AI score 9.1, EPSS 0.02916

added 2002/07/03 4:00 a.m., 117 views

CVE-2002-0561

The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.

CVSS 7.5, AI score 9.1, EPSS 0.06961

added 2003/04/02 5:00 a.m., 105 views

CVE-2001-1372

Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.

CVSS 5, AI score 8.8, EPSS 0.0821

added 2002/07/03 4:00 a.m., 105 views

CVE-2002-0563

The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and...

CVSS 5, AI score 9, EPSS 0.30847

added 2002/07/03 4:00 a.m., 96 views

CVE-2002-0560

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.

CVSS 5, AI score 8.6, EPSS 0.07505

added 2002/10/11 4:00 a.m., 93 views

CVE-2002-0843

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

CVSS 7.5, AI score 9.5, EPSS 0.02528

added 2002/08/12 4:00 a.m., 88 views

CVE-2002-0659

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

CVSS 5, AI score 8.2, EPSS 0.08448

added 2002/08/12 4:00 a.m., 84 views

CVE-2002-0655

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.

CVSS 7.5, AI score 9.5, EPSS 0.00608

added 2002/07/03 4:00 a.m., 70 views

CVE-2002-0568

Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.

CVSS 2.1, AI score 8.4, EPSS 0.04804

added 2009/01/14 2:30 a.m., 64 views

CVE-2008-4014

Unspecified vulnerability in the Oracle BPEL Process Manager component in Oracle Application Server allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

CVSS 5.5, AI score 7.7, EPSS 0.00262

added 2002/03/15 5:00 a.m., 56 views

CVE-2001-1216

Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.

CVSS 7.5, AI score 9.4, EPSS 0.04701

added 2005/03/26 5:00 a.m., 55 views

CVE-2002-1632

Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.

CVSS 6.4, AI score 9, EPSS 0.01444

added 2002/07/03 4:00 a.m., 54 views

CVE-2002-0559

Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the pl...

CVSS 7.5, AI score 9.4, EPSS 0.26406

added 2005/02/26 5:00 a.m., 52 views

CVE-2004-1707

The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.

CVSS 7.2, AI score 9.2, EPSS 0.12298

added 2005/03/26 5:00 a.m., 51 views

CVE-2002-1631

SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter.

CVSS 7.5, AI score 9.4, EPSS 0.05943

added 2006/01/26 11:07 a.m., 51 views

CVE-2006-0435

Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows att...

CVSS 7.5, AI score 8.9, EPSS 0.05447

added 2002/03/15 5:00 a.m., 50 views

CVE-2001-1217

Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.

CVSS 5, AI score 8.7, EPSS 0.06551

added 2005/03/28 5:00 a.m., 50 views

CVE-2002-1636

Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print.

CVSS 4.3, AI score 7.7, EPSS 0.00294

added 2005/03/26 5:00 a.m., 48 views

CVE-2002-1630

The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails.

CVSS 7.5, AI score 8.9, EPSS 0.0472

added 2002/03/09 5:00 a.m., 46 views

CVE-2001-0591

Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack.

CVSS 7.5, AI score 9, EPSS 0.00918

added 2002/07/03 4:00 a.m., 45 views

CVE-2002-0564

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.

CVSS 7.5, AI score 9.2, EPSS 0.0152

added 2002/07/03 4:00 a.m., 44 views

CVE-2002-0566

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.

CVSS 5, AI score 8.8, EPSS 0.01547

added 2003/04/02 5:00 a.m., 44 views

CVE-2002-0569

Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).

CVSS 7.5, AI score 9.1, EPSS 0.02177

added 2002/07/03 4:00 a.m., 42 views

CVE-2002-0565

Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.

CVSS 5, AI score 8.8, EPSS 0.05915

added 2005/05/10 4:00 a.m., 41 views

CVE-2004-1877

The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2 (9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.

CVSS 2.6, AI score 9, EPSS 0.00817

added 2007/10/29 7:00 p.m., 35 views

CVE-2002-2347

Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field...

CVSS 4.3, AI score 7.4, EPSS 0.00285