Lucene search

K
OracleHttp Server

7 matches found

CVE
CVE
added 2014/07/20 11:12 a.m.2036 views

CVE-2014-0226

Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard h...

6.8CVSS7AI score0.90264EPSS
CVE
CVE
added 2020/09/04 12:15 a.m.424 views

CVE-2020-24977

GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e.

6.5CVSS6.9AI score0.00481EPSS
CVE
CVE
added 2022/02/18 5:15 a.m.242 views

CVE-2022-25313

In Expat (aka libexpat) before 2.4.5, an attacker can trigger stack exhaustion in build_model via a large nesting depth in the DTD element.

6.5CVSS7.9AI score0.00124EPSS
CVE
CVE
added 2019/11/08 3:15 p.m.238 views

CVE-2019-10219

A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.

6.5CVSS6AI score0.01864EPSS
CVE
CVE
added 2020/01/15 5:15 p.m.56 views

CVE-2020-2530

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle H...

6.1CVSS5.7AI score0.01121EPSS
CVE
CVE
added 2005/05/27 4:0 a.m.45 views

CVE-2004-2115

Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.

6.8CVSS6.2AI score0.47429EPSS
CVE
CVE
added 2020/04/15 2:15 p.m.43 views

CVE-2020-2952

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful att...

6.5CVSS5.8AI score0.01403EPSS