8 matches found
CVE-2019-0227
The CVE-2019-0227 entry concerns an SSRF in Apache Axis 1.4 (last released in 2006). The connected IBM bulletins confirm Axis 1.x vulnerability details and state Axis 2 is the successor, with 1.7.9 (Axis2) being not vulnerable. Affected Axis 1.x components are legacy; remediation is to upgrade to...
CVE-2018-8032
CVE-2018-8032 affects Apache Axis 1.x (up to 1.4) with a cross-site scripting (XSS) vulnerability in the default servlet/services. This vulnerability is documented in IBM/PM security bulletins linked to Axis, confirming an XSS flaw (CWE-79) in Axis 1.x and indicating broader IBM product exposure....
CVE-2000-0987
CVE-2000-0987 describes a buffer overflow in the Oracle Internet Directory LDAP daemon (oidldapd) shipped with Oracle 8i (Linux, 8.1.6). The vulnerability occurs in oidldapd’s handling of the LDAP “connect” option, allowing a local user to gain the euid of the oidldapd process (typically the orac...
CVE-2001-0974
The CVE-2001-0974 entry concerns Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1, where format string vulnerabilities in the LDAP handling code allow remote attackers to execute arbitrary code as demonstrated by the PROTOS LDAPv3 test suite. The CERT/CC advisory CA-2001-18 documents the...
CVE-2018-2601
CVE-2018-2601 affects Oracle Internet Directory (Oracle Fusion Middleware) subcomponent Oracle Directory Services Manager. Identified affected versions: 11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0. Root cause not detailed in the provided documents, but the vulnerability is exploitable by a high-privilege ...
CVE-2001-0975
The CVE-2001-0975 entry describes buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 that allow remote code execution, demonstrated by the PROTOS LDAPv3 test suite. Supported details show Oracle released Solaris-based patches for these versions (July 2001...
CVE-2001-1321
CVE-2001-1321 affects Oracle Internet Directory Server 2.1.1.x and 3.0.1. The issue permits remote attackers to crash the service and potentially execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite. The root cause is in the...
CVE-2001-0300
The CVE-2001-0300 issue pertains to the Oracle Internet Directory LDAP Daemon (oidldapd) version 2.1.1.1 included with Oracle 8i/8.1.7. The daemon writes logs to a directory (ldaplog) that has world‑writable permissions, enabling a local user to delete logs and, via a symlink attack, overwrite ot...