Lucene search
+L
OracleHttp Server

105 matches found

cve
cve
added 2019/07/02 6:31 p.m.227 views

CVE-2019-5443

Technical details about CVE-2019-5443 are not publicly provided in the provided documents. The available information is a high-level summary; monitor for updates.

7.8CVSS7.5AI score0.00717EPSS
cve
cve
added 2021/08/23 10:0 a.m.200 views

CVE-2021-35940

The connected docs confirm a concrete issue in the Apache Portable Runtime (APR) regarding CVE-2017-12613: an out-of-bounds array read in apr_time_exp*() that was fixed in APR 1.6.3. The APR 1.7.x branch did not carry that fix, and APR 1.7.0 regressed to be vulnerable to the same issue. A patch f...

7.1CVSS7.1AI score0.01185EPSS
cve
cve
added 2021/12/30 12:0 a.m.176 views

CVE-2021-4184

Wireshark CVE-2021-4184 is an infinite-loop DoS in the BitTorrent DHT dissector. Affected: Wireshark 3.6.0 and 3.4.0–3.4.10. Root cause: BitTorrent DHT parser infinite loop leading to application halt/crash via crafted capture files or packet injections. Publicly stated fixes exist in later Wires...

7.5CVSS7.4AI score0.03879EPSS
cve
cve
added 2022/07/11 7:26 p.m.174 views

CVE-2020-35169

CVE-2020-35169 is tied to Dell BSAFE Crypto-C Micro Edition (pre-4.1.5) and Dell BSAFE Micro Edition Suite (pre-4.5.2) with an Improper Input Validation vulnerability. Public sources in the connected documents confirm high-severity impact (CVSS v3.1: 9.8, network access, no authentication, high c...

9.8CVSS9.4AI score0.01037EPSS
cve
cve
added 2021/12/30 12:0 a.m.172 views

CVE-2021-4181

CVE-2021-4181 is a crash in the Wireshark Sysdig Event dissector (affects Wireshark 3.6.0 and 3.4.0–3.4.10) that could cause denial of service via crafted capture files or packet injections. Connected documents confirm a DoS impact with a crash/infinite loop in dissectors. Public details do not s...

7.5CVSS7.4AI score0.03774EPSS
cve
cve
added 2021/12/30 12:0 a.m.165 views

CVE-2021-4185

CVE-2021-4185 affects Wireshark’s RTMPT dissector and enables denial of service via crafted captures or packet injection by triggering an infinite loop. Public details confirm vulnerable versions include Wireshark 3.6.0 and 3.4.0–3.4.10. Advisories note remediation through updates; for example, D...

7.5CVSS7.4AI score0.03879EPSS
cve
cve
added 2021/12/30 12:0 a.m.162 views

CVE-2021-4182

Wireshark CVE-2021-4182 concerns a crash in the RFC 7468 dissector on Wireshark versions 3.6.0 and 3.4.0 up to 3.4.10, allowing denial of service via specially crafted captures or packet injections. The vulnerability is a crash/DoS in parsing (no explicit exploit details provided in the sources)....

7.5CVSS7.4AI score0.03296EPSS
cve
cve
added 2022/01/19 11:26 a.m.142 views

CVE-2022-21375

CVE-2022-21375 affects Oracle Solaris 11 kernel. A local, low-privilege attacker with logon can cause a hang or frequent crash (DoS) on the Solaris host. CVSS 3.1 base score 5.5 (A). References indicate Oracle CPU patches in Jan 2022 (and related advisories) as remediation. No exploitation detail...

5.5CVSS6.2AI score0.00262EPSS
cve
cve
added 2021/12/07 9:8 p.m.129 views

CVE-2021-42717

CVE-2021-42717 affects ModSecurity 3.x up to 3.0.5 (and 2.x up to 2.9.4). The flaw: excessive nesting of JSON objects causes severe resource exhaustion (DoS), with small-ish requests (e.g., ~300 KB) able to tie up workers and consume CPU. Mitigations documented across multiple sources include upg...

7.5CVSS7.3AI score0.03206EPSS
cve
cve
added 2002/07/31 4:0 a.m.110 views

CVE-2002-0655

OpenSSL CVE-2002-0655 affects 0.9.6d and earlier and 0.9.7-beta2 and earlier; on 64-bit platforms it mishandles ASCII representations of integers, enabling denial of service and potentially arbitrary code execution. Public sources in the connected docs corroborate multiple related CVEs (0655, 065...

7.5CVSS9.5AI score0.08169EPSS
cve
cve
added 2022/06/01 2:25 p.m.108 views

CVE-2020-26185

Dell BSAFE Micro Edition Suite (Dell) is affected by a Buffer Over-Read Vulnerability in versions prior to 4.5.1. Public docs consistently cite a remote-exploitable issue that can crash an application and cause denial of service. The CVSS data in the sources show a high impact (availability impac...

7.5CVSS7.5AI score0.01031EPSS
cve
cve
added 2002/07/31 4:0 a.m.105 views

CVE-2002-0659

CVE-2002-0659 affects the OpenSSL ASN.1 parser in: OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier. The vulnerability allows remote denial of service via invalid ASN.1 encodings. The OpenSSL family also contains related issues (e.g., CVE-2002-0655 and CVE-2002-0656) that have been exploit...

5CVSS8.2AI score0.36039EPSS
cve
cve
added 2022/07/11 7:25 p.m.95 views

CVE-2020-35166

CVE-2020-35166 affects Dell BSAFE Crypto-C Micro Edition (pre-4.1.5) and Dell BSAFE Micro Edition Suite (pre-4.6) with an Observable Timing Discrepancy Vulnerability. The Initial Description specifies the affected products/versions and that the vulnerability is timing-related, implying potential ...

9.8CVSS7.2AI score0.00741EPSS
cve
cve
added 2022/07/11 7:25 p.m.85 views

CVE-2020-35163

Technical details about CVE-2020-35163 are not publicly available in the provided connected documents. Monitor for updates.

9.8CVSS9.3AI score0.01101EPSS
cve
cve
added 2022/07/11 7:25 p.m.85 views

CVE-2020-35164

Summary (CVE-2020-35164) Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.6) have an observable timing discrepancy vulnerability. Connected sources (PT-2022-8918) corroborate affected versions and advise upgrading to 4.1.5+ and 4.6+ r...

8.1CVSS8.8AI score0.00806EPSS
cve
cve
added 2022/07/11 7:25 p.m.82 views

CVE-2020-35168

CVE-2020-35168 affects Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.6) with an Observable Timing Discrepancy vulnerability. The initial document provides CVSS metrics indicating high impact (network attack, no user interaction) wi...

9.8CVSS9.3AI score0.00483EPSS
cve
cve
added 2024/04/16 9:25 p.m.81 views

CVE-2024-20991

CVE-2024-20991 affects Oracle HTTP Server (Web Listener) in Oracle Fusion Middleware, specifically version 12.2.1.4.0. The issue, described across multiple sources, enables an unauthenticated attacker with network access via HTTP to read a subset of Oracle HTTP Server data due to insufficient pro...

5.3CVSS6.3AI score0.00574EPSS
cve
cve
added 2012/07/22 4:0 p.m.79 views

CVE-2012-2751

CVE-2012-2751 relates to ModSecurity prior to 2.6.6 when used with PHP. The issue arises in how single quotes in Content-Disposition are handled inside multipart/form-data requests, allowing remote attackers to bypass filtering rules and potentially perform XSS. The vulnerability is noted to exis...

4.3CVSS5.7AI score0.03303EPSS
Web
cve
cve
added 2022/07/11 7:25 p.m.79 views

CVE-2020-29508

CVE-2020-29508 affects Dell BSAFE Crypto-C Micro Edition (versions prior to 4.1.5) and Dell BSAFE Micro Edition Suite (versions prior to 4.6). The root cause is an Improper Input Validation vulnerability. Public references (CNVD/NVD/CVE records and Nessus-related entries) confirm the affected pro...

9.8CVSS9.3AI score0.01202EPSS
cve
cve
added 2020/01/15 4:34 p.m.76 views

CVE-2020-2545

CVE-2020-2545 affects Oracle Fusion Middleware Oracle HTTP Server (OSSL Module). Vulnerable in Oracle HTTP Server versions 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.3.0. An unauthenticated attacker with network access via HTTPS can exploit this to cause partial denial of service (DO S) on Oracle HTTP Se...

5.3CVSS4.9AI score0.01489EPSS
cve
cve
added 2007/01/17 2:0 a.m.72 views

CVE-2007-0280

CVE-2007-0280 describes a buffer overflow in Oracle Process Mgmt & Notification (OPMN01) affecting Oracle HTTP Server 9.0.1.5; Application Server 9.0.4.3 and 10.1.2.x; and Collaboration Suite 9.0.4.2 and 10.1.2. Oracle notes in the description that OPMN01 is believed to be the ONS buffer overflow...

7.5CVSS9.1AI score0.03073EPSS
cve
cve
added 2022/07/11 7:25 p.m.72 views

CVE-2020-35167

Technical details for CVE-2020-35167 are not publicly available in the provided documents. Monitor for updates and additional sources.

9.8CVSS9.3AI score0.01045EPSS
cve
cve
added 2021/04/22 9:54 p.m.72 views

CVE-2021-2315

CVE-2021-2315 affects Oracle HTTP Server (Web Listener) in Oracle Fusion Middleware. Affected versions: 11.1.1.9.0, 12.2.1.3.0, 12.2.1.4.0. Description: unauthenticated attackers can access via HTTP and may compromise data, with possible unauthorized update/insert/delete and read access. Exploita...

5.8CVSS5.2AI score0.00959EPSS
cve
cve
added 2007/01/17 2:0 a.m.71 views

CVE-2007-0279

Technical details about CVE-2007-0279 are not publicly available in the provided connected documents; the materials reference Oracle HTTP Server and related components with unspecified vulnerabilities. Monitor for updates for further specifics.

7.5CVSS6.4AI score0.02444EPSS
cve
cve
added 2020/01/15 4:33 p.m.71 views

CVE-2020-2530

CVE-2020-2530 affects Oracle Fusion Middleware Oracle HTTP Server (Web Listener). Connected sources specify affected versions: 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.3.0. The vulnerability is an authentication bypass in the Web Listener, allowing an unauthenticated, network-accessing attacker (via HT...

6.1CVSS5.7AI score0.0109EPSS
cve
cve
added 2007/01/17 2:0 a.m.70 views

CVE-2007-0282

Concrete details exist in connected documents for the Oracle Process Mgmt & Notification (OPMN) component: a format string vulnerability in the OPMN daemon used by Oracle Grid/Enterprise components (e.g., 10.2.0.1) that can be exploited by crafting the URI in an HTTP request to port 6003, enablin...

3.2CVSS8.6AI score0.00407EPSS
cve
cve
added 2022/07/11 7:25 p.m.70 views

CVE-2020-29506

Dell BSAFE Crypto-C Micro Edition (versions before 4.1.5) and Dell BSAFE Micro Edition Suite (versions before 4.5.2) contain an Observable Timing Discrepancy Vulnerability. The issue is documented with concrete vulnerable components and affected versions; upgrading to 4.1.5 and 4.5.2 respectively...

9.8CVSS9.4AI score0.01072EPSS
cve
cve
added 2006/01/26 11:0 a.m.69 views

CVE-2006-0435

The CVE-2006-0435 entry concerns Oracle PL/SQL Gateway/PLSQLExclusion bypass vulnerability (PLSQL01). Public sources (CERT VU and NVD) describe that the Oracle PL/SQL Gateway fails to validate HTTP requests, potentially allowing a remote attacker to bypass access controls and execute SQL commands...

7.5CVSS8.9AI score0.06844EPSS
cve
cve
added 2020/12/16 3:50 p.m.69 views

CVE-2020-5360

CVE-2020-5360 refers to a buffer under-read vulnerability in Dell BSAFE Micro Edition Suite, before version 4.5. The NVD entry notes unauthenticated remote exploitation with network access potentially causing undefined behavior or a crash (availability impact). Corporate context in connected docu...

7.5CVSS8AI score0.02207EPSS
cve
cve
added 2019/07/23 10:31 p.m.68 views

CVE-2019-2751

CVE-2019-2751 affects Oracle Fusion Middleware Oracle HTTP Server (OHS Config MBeans) with affected versions 12.1.3.0.0 and 12.2.1.3.0. The vulnerability allows an unauthenticated attacker with network access via HTTPS to read/modify data, enabling unauthorized access to Oracle HTTP Server data. ...

5.9CVSS5.5AI score0.01422EPSS
cve
cve
added 2021/10/20 10:51 a.m.68 views

CVE-2021-35666

CVE-2021-35666 affects the Oracle HTTP Server (OSSL Module) in Oracle Fusion Middleware, specifically version 11.1.1.9.0. The vulnerability allows an unauthenticated, network-accessible attacker over HTTPS to compromise Oracle HTTP Server, potentially gaining unauthorized access to data. Multiple...

7.1CVSS5.6AI score0.01204EPSS
cve
cve
added 2019/01/16 7:0 p.m.67 views

CVE-2019-2414

CVE-2019-2414 affects Oracle Fusion Middleware's Oracle HTTP Server Web Listener. Affected version shown as 12.2.1.3 (NVD). A Nessus plugin references 12.1.2.3 in the January 2019 CPU. The vulnerability is exploitable by a low-privilege user with valid logon, potentially enabling takeover of the ...

7.8CVSS7.8AI score0.00452EPSS
cve
cve
added 2025/01/21 8:52 p.m.67 views

CVE-2025-21498

CVE-2025-21498 affects Oracle HTTP Server (Oracle Fusion Middleware Core) with 12.2.1.4.0. The vulnerability allows an unauthenticated attacker over HTTP to read a subset of Oracle HTTP Server data. CVSS 3.1 base score is 5.3 (Confidentiality only), with network attack vector and no user interact...

5.3CVSS4.2AI score0.00495EPSS
cve
cve
added 2022/07/11 7:25 p.m.65 views

CVE-2020-29507

CVE-2020-29507 affects Dell BSAFE Crypto-C Micro Edition (before 4.1.4) and Dell BSAFE Micro Edition Suite (before 4.4). The vulnerability is described as an Improper Input Validation issue. Public references in the connected documents confirm affected versions and provide remediation guidance: u...

9.8CVSS9.4AI score0.01019EPSS
cve
cve
added 2022/10/18 12:0 a.m.64 views

CVE-2022-21593

Oracle Fusion Middleware’s Oracle HTTP Server (OHS Config MBeans) is affected for versions 12.2.1.3.0 and 12.2.1.4.0. The CVE-2022-21593 vulnerability enables an unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server, potentially gaining unauthorized access to data...

7.1CVSS7.1AI score0.00631EPSS
cve
cve
added 2022/06/01 2:25 p.m.63 views

CVE-2020-26184

CVE-2020-26184 affects Dell BSAFE Micro Edition Suite prior to 4.5.1. The vulnerability is improper certificate validation in the library/component, with a CVSSv3 base score of 7.5 (HIGH) and network vector with no privileges required. Affected versions must be updated to 4.5.1 or later to resolv...

7.5CVSS7.6AI score0.00639EPSS
cve
cve
added 2006/10/18 1:0 a.m.61 views

CVE-2006-5348

Technical details for CVE-2006-5348 are not publicly provided in the supplied documents. Available records reference the vulnerability but do not specify affected products, root cause, or fixes. Monitor for updates.

10CVSS6AI score0.0231EPSS
cve
cve
added 2006/10/18 1:0 a.m.61 views

CVE-2006-5354

Technical details for CVE-2006-5354 are not publicly provided in the supplied documents. No affected products, impact, or remediation are specified here; monitor for updates and additional technical disclosures.

10CVSS9AI score0.0231EPSS
cve
cve
added 2020/04/15 1:29 p.m.61 views

CVE-2020-2952

CVE-2020-2952 affects Oracle Fusion Middleware’s Oracle HTTP Server (Web Listener) version 11.1.1.9.0. The vulnerability enables an unauthenticated, network-accessible attacker over HTTP to modify or delete data and to read data from the Oracle HTTP Server, as indicated by the CVSS 3.0 base metri...

6.5CVSS5.8AI score0.0121EPSS
cve
cve
added 2023/10/17 9:2 p.m.61 views

CVE-2023-22019

CVE-2023-22019 affects Oracle HTTP Server (Web Listener) within Oracle Fusion Middleware, specifically version 12.2.1.4.0. The vulnerability enables an unauthenticated attacker with network access via HTTP to compromise the server and potentially access all Oracle HTTP Server data. CVSS 3.1 base ...

7.5CVSS7.2AI score0.0051EPSS
cve
cve
added 2006/10/18 1:0 a.m.60 views

CVE-2006-5349

Technical details for CVE-2006-5349 are not publicly available in the provided documents; the entries describe an unspecified vulnerability affecting Oracle HTTP Server 9.2.0.7 on HP Tru64 UNIX without concrete details. Monitor for updates.

10CVSS6AI score0.0231EPSS
cve
cve
added 2006/10/18 1:0 a.m.60 views

CVE-2006-5350

CVE-2006-5350 affects Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite/Applications 11.5.10CU2; the vulnerability impact is unspecified in the provided documents, with local attack vectors indicated. No concrete root-cause, exploit details, or remediation are given in the connected sources....

7.2CVSS6AI score0.0043EPSS
cve
cve
added 2007/01/17 2:0 a.m.60 views

CVE-2007-0281

Public documents provided do not include concrete technical details (affected product, root cause, exploit vectors, or remediation) for CVE-2007-0281; monitor for updates.

5CVSS9AI score0.01631EPSS
cve
cve
added 2005/05/27 4:0 a.m.58 views

CVE-2004-2115

Oracle HTTP Server 1.3.22 (based on Apache) is affected by CVE-2004-2115, a cross-site scripting (XSS) vulnerability in which remote attackers can inject and execute arbitrary script as other users via the isqlplus request’s (action, username, or password) parameters. The CVE entry cites this as ...

6.8CVSS6.2AI score0.58352EPSS
cve
cve
added 2018/04/19 2:0 a.m.58 views

CVE-2018-2760

The CVE-2018-2760 entry concerns Oracle Fusion Middleware’s Oracle HTTP Server, specifically the OSSL Module subcomponent. Affected versions are 12.1.3 and 12.2.1.2. The vulnerability is described as difficult to exploit and allows an unauthenticated attacker who can reach the server over HTTPS t...

5.9CVSS6.1AI score0.02093EPSS
cve
cve
added 2001/09/12 4:0 a.m.57 views

CVE-1999-1068

Oracle Webserver 2.1 is affected when serving PL/SQL stored procedures. A long HTTP GET request can trigger a denial-of-service by crashing the remote web server, via the cgi /ews-bin/fnord pathway. The vulnerability is documented in CVE-1999-1068 and is reflected in the Nessus plugin OWS_OVERFLO...

5CVSS6.3AI score0.0212EPSS
cve
cve
added 2006/10/18 1:0 a.m.56 views

CVE-2006-5346

The CVE-2006-5346 entry describes an unspecified vulnerability in Oracle HTTP Server 9.2.0.7 (used in Oracle Collaboration Suite 9.0.4.2 and Oracle E-Business Suite/Applications 11.5.10CU2) with unknown impact and remote attack vectors related to htdigest (aka OHS02). The connected documents corr...

7.6CVSS6AI score0.01867EPSS
cve
cve
added 2006/10/18 1:0 a.m.56 views

CVE-2006-5347

CVE-2006-5347 affects Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2. The vulnerability is described as unspecified with unknown impact and remote attack vectors related to HTTPS/SSL (aka Vuln# OHS04); no remediation details are provided in the connected documents.

10CVSS6AI score0.0231EPSS
cve
cve
added 2018/01/18 2:0 a.m.56 views

CVE-2018-2561

CVE-2018-2561 affects the Oracle HTTP Server component of Oracle Fusion Middleware (Web Listener). Affected supported versions are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. The vulnerability is exploitable by an unauthenticated, network-accessing attacker over HTTP and can le...

5.3CVSS5.4AI score0.01974EPSS
cve
cve
added 2021/10/20 10:49 a.m.56 views

CVE-2021-2480

CVE-2021-2480 affects Oracle HTTP Server (Web Listener) within Oracle Fusion Middleware. Affected: 11.1.1.9.0. Description indicates an unauthenticated attacker with network access via HTTP can compromise Oracle HTTP Server, with potential unauthorized update/insert/delete of accessible data. The...

4.3CVSS3.6AI score0.00802EPSS
Total number of security vulnerabilities105