Application Server Security Vulnerabilities and Issues — Application Server CVE List

Lucene search

OracleApplication Server

4 matches found

CVE•added 2005/07/14 4:0 a.m.•48 views

CVE-2000-1236

SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL.

7.5CVSS9.5AI score0.00972EPSS

CVE•added 2005/07/14 4:0 a.m.•45 views

CVE-2000-1235

The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files.

5CVSS8.7AI score0.00973EPSS

CVE•added 2005/07/05 4:0 a.m.•41 views

CVE-2005-2093

Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to in...

4.3CVSS8.9AI score0.02589EPSS

CVE•added 2005/07/17 4:0 a.m.•37 views

CVE-2004-2244

The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a ...

5CVSS8.5AI score0.00847EPSS