Http Server Security Vulnerabilities and Issues — Page 2 of Http Server CVE List

Lucene search

OracleHttp Server

102 matches found

CVE•added 2022/07/11 8:15 p.m.•154 views

CVE-2020-35169

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.

9.8CVSS9.4AI score0.00159EPSS

CVE•added 2021/12/30 10:15 p.m.•142 views

CVE-2021-4184

Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

7.5CVSS7.4AI score0.00037EPSS

CVE•added 2021/12/30 10:15 p.m.•139 views

CVE-2021-4185

Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

7.5CVSS7.4AI score0.00037EPSS

CVE•added 2021/12/30 10:15 p.m.•135 views

CVE-2021-4182

Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

7.5CVSS7.4AI score0.00039EPSS

CVE•added 2021/12/30 10:15 p.m.•134 views

CVE-2021-4181

Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file

7.5CVSS7.4AI score0.00053EPSS

CVE•added 2022/01/19 12:15 p.m.•128 views

CVE-2022-21375

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful at...

5.5CVSS6.2AI score0.00062EPSS

CVE•added 2021/12/07 10:15 p.m.•102 views

CVE-2021-42717

ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate requests. Even a moderately large (e.g., 300KB) HTTP request can occupy one of the limited NGINX worke...

7.5CVSS7.3AI score0.02101EPSS

CVE•added 2002/08/12 4:0 a.m.•88 views

CVE-2002-0659

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

5CVSS8.2AI score0.12032EPSS

CVE•added 2002/08/12 4:0 a.m.•84 views

CVE-2002-0655

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.

7.5CVSS9.5AI score0.00883EPSS

CVE•added 2022/07/11 8:15 p.m.•80 views

CVE-2020-35166

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

9.8CVSS7.2AI score0.00366EPSS

CVE•added 2022/07/11 8:15 p.m.•70 views

CVE-2020-35168

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

9.8CVSS9.3AI score0.0011EPSS

CVE•added 2022/07/11 8:15 p.m.•69 views

CVE-2020-35164

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

8.1CVSS8.8AI score0.00497EPSS

CVE•added 2022/07/11 8:15 p.m.•67 views

CVE-2020-35163

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.

9.8CVSS9.3AI score0.00638EPSS

CVE•added 2024/04/16 10:15 p.m.•65 views

CVE-2024-20991

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful att...

5.3CVSS6.3AI score0.0035EPSS

CVE•added 2022/07/11 8:15 p.m.•63 views

CVE-2020-29508

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.

9.8CVSS9.3AI score0.00202EPSS

CVE•added 2012/07/22 4:55 p.m.•62 views

CVE-2012-2751

ModSecurity before 2.6.6, when used with PHP, does not properly handle single quotes not at the beginning of a request parameter value in the Content-Disposition field of a request with a multipart/form-data Content-Type header, which allows remote attackers to bypass filtering rules and perform ot...

4.3CVSS5.7AI score0.01759EPSS

CVE•added 2007/01/17 2:28 a.m.•60 views

CVE-2007-0279

Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07.

7.5CVSS6.4AI score0.01977EPSS

CVE•added 2020/01/15 5:15 p.m.•57 views

CVE-2020-2545

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle H...

5.3CVSS4.9AI score0.03921EPSS

CVE•added 2020/01/15 5:15 p.m.•56 views

CVE-2020-2530

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle H...

6.1CVSS5.7AI score0.01121EPSS

CVE•added 2007/01/17 2:28 a.m.•55 views

CVE-2007-0282

Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.

3.2CVSS8.6AI score0.00334EPSS

CVE•added 2022/07/11 8:15 p.m.•55 views

CVE-2020-35167

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.

9.8CVSS9.3AI score0.00558EPSS

CVE•added 2019/07/23 11:15 p.m.•54 views

CVE-2019-2751

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OHS Config MBeans). Supported versions that are affected are 12.1.3.0.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle ...

5.9CVSS5.5AI score0.01422EPSS

CVE•added 2022/07/11 8:15 p.m.•54 views

CVE-2020-29506

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.

9.8CVSS9.4AI score0.01329EPSS

CVE•added 2020/12/16 4:15 p.m.•54 views

CVE-2020-5360

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems.

7.5CVSS8AI score0.01804EPSS

CVE•added 2007/01/17 2:28 a.m.•53 views

CVE-2007-0280

Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123,...

7.5CVSS9.1AI score0.02531EPSS

CVE•added 2021/10/20 11:17 a.m.•53 views

CVE-2021-35666

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful a...

7.1CVSS5.6AI score0.01322EPSS

CVE•added 2021/04/22 10:15 p.m.•52 views

CVE-2021-2315

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle H...

5.8CVSS5.2AI score0.00601EPSS

CVE•added 2006/01/26 11:7 a.m.•51 views

CVE-2006-0435

Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows att...

7.5CVSS8.9AI score0.05447EPSS

CVE•added 2019/01/16 7:30 p.m.•49 views

CVE-2019-2414

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle HTTP Server executes to compr...

7.8CVSS7.8AI score0.00079EPSS

CVE•added 2022/10/18 9:15 p.m.•49 views

CVE-2022-21593

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Ser...

7.1CVSS7.1AI score0.0098EPSS

CVE•added 2006/10/18 1:7 a.m.•48 views

CVE-2006-5350

Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and local attack vectors, aka Vuln# OHS08.

7.2CVSS6AI score0.00462EPSS

CVE•added 2022/06/01 3:15 p.m.•48 views

CVE-2020-26185

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.

7.5CVSS7.5AI score0.00463EPSS

CVE•added 2022/07/11 8:15 p.m.•48 views

CVE-2020-29507

Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.

9.8CVSS9.4AI score0.0085EPSS

CVE•added 2006/10/18 1:7 a.m.•47 views

CVE-2006-5349

Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS07.

10CVSS6AI score0.00958EPSS

CVE•added 2006/10/18 1:7 a.m.•47 views

CVE-2006-5354

Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0, racle Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# OHS06...

10CVSS9AI score0.00958EPSS

CVE•added 2007/01/17 2:28 a.m.•47 views

CVE-2007-0281

Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP ...

5CVSS9AI score0.00626EPSS

CVE•added 2022/06/01 3:15 p.m.•47 views

CVE-2020-26184

Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.

7.5CVSS7.6AI score0.0031EPSS

CVE•added 2006/10/18 1:7 a.m.•46 views

CVE-2006-5348

Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS05.

10CVSS6AI score0.00958EPSS

CVE•added 2025/01/21 9:15 p.m.•46 views

CVE-2025-21498

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of ...

5.3CVSS4.2AI score0.00054EPSS

CVE•added 2005/05/27 4:0 a.m.•45 views

CVE-2004-2115

Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.

6.8CVSS6.2AI score0.47429EPSS

CVE•added 2018/04/19 2:29 a.m.•45 views

CVE-2018-2760

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are 12.1.3 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server....

5.9CVSS6.1AI score0.01834EPSS

CVE•added 2020/04/15 2:15 p.m.•43 views

CVE-2020-2952

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful att...

6.5CVSS5.8AI score0.01403EPSS

CVE•added 2023/10/17 10:15 p.m.•43 views

CVE-2023-22019

7.5CVSS7.2AI score0.00269EPSS

CVE•added 2021/10/20 11:16 a.m.•42 views

CVE-2021-2480

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful a...

4.3CVSS3.6AI score0.00553EPSS

CVE•added 2005/05/10 4:0 a.m.•41 views

CVE-2004-1877

The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.

2.6CVSS9AI score0.00817EPSS

CVE•added 2016/07/21 10:12 a.m.•41 views

CVE-2016-3482

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module.

5CVSS4.4AI score0.00366EPSS

CVE•added 2018/01/18 2:29 a.m.•41 views

CVE-2018-2561

Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access vi...

5.3CVSS5.4AI score0.03045EPSS

CVE•added 2001/09/12 4:0 a.m.•40 views

CVE-1999-1068

Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.

5CVSS6.3AI score0.00421EPSS

CVE•added 2006/10/18 1:7 a.m.•40 views

CVE-2006-5346

Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in Oracle Collaboration Suite 9.0.4.2 and Oracle E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors related to htdigest, aka Vuln# OHS02.

7.6CVSS6AI score0.00707EPSS

CVE•added 2016/04/21 10:59 a.m.•39 views

CVE-2016-0671

Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module.

3.7CVSS4.5AI score0.0043EPSS

Total number of security vulnerabilities102