Lucene search
K
OracleInternet Directory

8 matches found

CVE
CVE
added 2019/05/01 8:3 p.m.300 views

CVE-2019-0227

The CVE-2019-0227 entry concerns an SSRF in Apache Axis 1.4 (last released in 2006). The connected IBM bulletins confirm Axis 1.x vulnerability details and state Axis 2 is the successor, with 1.7.9 (Axis2) being not vulnerable. Affected Axis 1.x components are legacy; remediation is to upgrade to...

7.5CVSS8.3AI score0.86503EPSS
Web
CVE
CVE
added 2018/08/02 1:0 p.m.257 views

CVE-2018-8032

CVE-2018-8032 affects Apache Axis 1.x (up to 1.4) with a cross-site scripting (XSS) vulnerability in the default servlet/services. This vulnerability is documented in IBM/PM security bulletins linked to Axis, confirming an XSS flaw (CWE-79) in Axis 1.x and indicating broader IBM product exposure....

6.1CVSS5.8AI score0.10554EPSS
CVE
CVE
added 2000/11/29 5:0 a.m.51 views

CVE-2000-0987

CVE-2000-0987 describes a buffer overflow in the Oracle Internet Directory LDAP daemon (oidldapd) shipped with Oracle 8i (Linux, 8.1.6). The vulnerability occurs in oidldapd’s handling of the LDAP “connect” option, allowing a local user to gain the euid of the oidldapd process (typically the orac...

4.6CVSS6.5AI score0.01364EPSS
CVE
CVE
added 2002/02/02 5:0 a.m.50 views

CVE-2001-0974

The CVE-2001-0974 entry concerns Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1, where format string vulnerabilities in the LDAP handling code allow remote attackers to execute arbitrary code as demonstrated by the PROTOS LDAPv3 test suite. The CERT/CC advisory CA-2001-18 documents the...

7.5CVSS7.2AI score0.0631EPSS
CVE
CVE
added 2018/01/18 2:0 a.m.49 views

CVE-2018-2601

CVE-2018-2601 affects Oracle Internet Directory (Oracle Fusion Middleware) subcomponent Oracle Directory Services Manager. Identified affected versions: 11.1.1.7.0, 11.1.1.9.0, 12.2.1.3.0. Root cause not detailed in the provided documents, but the vulnerability is exploitable by a high-privilege ...

8CVSS8AI score0.01729EPSS
CVE
CVE
added 2002/02/02 5:0 a.m.48 views

CVE-2001-0975

The CVE-2001-0975 entry describes buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 that allow remote code execution, demonstrated by the PROTOS LDAPv3 test suite. Supported details show Oracle released Solaris-based patches for these versions (July 2001...

7.5CVSS7.4AI score0.08777EPSS
CVE
CVE
added 2002/05/03 4:0 a.m.46 views

CVE-2001-1321

CVE-2001-1321 affects Oracle Internet Directory Server 2.1.1.x and 3.0.1. The issue permits remote attackers to crash the service and potentially execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite. The root cause is in the...

7.5CVSS7.6AI score0.05796EPSS
CVE
CVE
added 2001/04/04 4:0 a.m.44 views

CVE-2001-0300

The CVE-2001-0300 issue pertains to the Oracle Internet Directory LDAP Daemon (oidldapd) version 2.1.1.1 included with Oracle 8i/8.1.7. The daemon writes logs to a directory (ldaplog) that has world‑writable permissions, enabling a local user to delete logs and, via a symlink attack, overwrite ot...

2.1CVSS5.9AI score0.00614EPSS