Application Server
by Orionserver
CVEs (26)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2009-4493 | 0.03 | — | 0.07 | Jan 13, 2010 | Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a… | |||
| CVE-2008-7235 | 0.01 | — | 0.05 | Sep 14, 2009 | Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04. | |||
| CVE-2008-7233 | 0.01 | — | 0.04 | Sep 14, 2009 | Unspecified vulnerability in the E-Business Application client, as used in Oracle Application Server 1.1.8.26 and E-Business Suite 11.5.10.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Oracle Jinitiator… | |||
| CVE-2002-2153 | 0.01 | — | 0.07 | Dec 31, 2002 | Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. | |||
| CVE-2010-0067 | 0.00 | — | 0.03 | Jan 13, 2010 | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2010-0066 | 0.00 | — | 0.03 | Jan 13, 2010 | Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Server 7.0.4.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors. | |||
| CVE-2009-3412 | 0.00 | — | 0.00 | Jan 13, 2010 | Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors. | |||
| CVE-2009-1010 | 0.00 | — | 0.00 | Apr 15, 2009 | Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008. | |||
| CVE-2009-0996 | 0.00 | — | 0.03 | Apr 15, 2009 | Unspecified vulnerability in the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors. | |||
| CVE-2008-4017 | 0.00 | — | 0.01 | Jan 14, 2009 | Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors. | |||
| CVE-2008-3986 | 0.00 | — | 0.00 | Oct 14, 2008 | Unspecified vulnerability in the Oracle Discoverer Administrator component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows local users to affect confidentiality via unknown vectors. | |||
| CVE-2008-2619 | 0.00 | — | 0.01 | Oct 14, 2008 | Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and E-Business Suite 11.5.10.2, allows remote authenticated users to affect availability via unknown vectors. | |||
| CVE-2008-2583 | 0.00 | — | 0.01 | Jul 15, 2008 | Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component in Oracle Application Server, as available from OTN before 20080715, has unknown impact and remote attack vectors. | |||
| CVE-2008-1824 | 0.00 | — | 0.03 | Apr 16, 2008 | Unspecified vulnerability in the Oracle Dynamic Monitoring Service component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.3.3 has unknown impact and remote attack vectors, aka AS02. | |||
| CVE-2008-0346 | 0.00 | — | 0.03 | Jan 17, 2008 | Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01. | |||
| CVE-2007-5521 | 0.00 | — | 0.02 | Oct 17, 2007 | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.3.3, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS06. | |||
| CVE-2007-2121 | 0.00 | — | 0.02 | Apr 18, 2007 | Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02. | |||
| CVE-2007-2123 | 0.00 | — | 0.02 | Apr 18, 2007 | Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04. | |||
| CVE-2007-1609 | 0.00 | — | 0.01 | Mar 22, 2007 | Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563. | |||
| CVE-2007-0284 | 0.00 | — | 0.02 | Jan 17, 2007 | Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04. |
- CVE-2009-4493Jan 13, 2010risk 0.03cvss —epss 0.07
Orion Application Server 2.0.7 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a…
- CVE-2008-7235Sep 14, 2009risk 0.01cvss —epss 0.05
Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04.
- CVE-2008-7233Sep 14, 2009risk 0.01cvss —epss 0.04
Unspecified vulnerability in the E-Business Application client, as used in Oracle Application Server 1.1.8.26 and E-Business Suite 11.5.10.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Oracle Jinitiator…
- CVE-2002-2153Dec 31, 2002risk 0.01cvss —epss 0.07
Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code.
- CVE-2010-0067Jan 13, 2010risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors.
- CVE-2010-0066Jan 13, 2010risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Server 7.0.4.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.
- CVE-2009-3412Jan 13, 2010risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors.
- CVE-2009-1010Apr 15, 2009risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML, a different vulnerability than CVE-2009-1008.
- CVE-2009-0996Apr 15, 2009risk 0.00cvss —epss 0.03
Unspecified vulnerability in the BI Publisher component in Oracle Application Server 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors.
- CVE-2008-4017Jan 14, 2009risk 0.00cvss —epss 0.01
Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors.
- CVE-2008-3986Oct 14, 2008risk 0.00cvss —epss 0.00
Unspecified vulnerability in the Oracle Discoverer Administrator component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows local users to affect confidentiality via unknown vectors.
- CVE-2008-2619Oct 14, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle Reports Developer component in Oracle Application Server 1.0.2.2, 9.0.4.3, and 10.1.2.2, and E-Business Suite 11.5.10.2, allows remote authenticated users to affect availability via unknown vectors.
- CVE-2008-2583Jul 15, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component in Oracle Application Server, as available from OTN before 20080715, has unknown impact and remote attack vectors.
- CVE-2008-1824Apr 16, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Oracle Dynamic Monitoring Service component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.3.3 has unknown impact and remote attack vectors, aka AS02.
- CVE-2008-0346Jan 17, 2008risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Oracle Jinitiator component in Oracle Application Server 1.3.1.27 and E-Business Suite 11.5.10.2 has unknown impact and remote attack vectors, aka AS01.
- CVE-2007-5521Oct 17, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.2, and 10.1.3.3, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS06.
- CVE-2007-2121Apr 18, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02.
- CVE-2007-2123Apr 18, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04.
- CVE-2007-1609Mar 22, 2007risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic Monitoring Services (DMS) in Oracle Application Server (OAS) 10g 10.1.2.0.0 allows remote attackers to inject arbitrary web script or HTML via the table parameter. NOTE: This may be related to CVE-2002-0563.
- CVE-2007-0284Jan 17, 2007risk 0.00cvss —epss 0.02
Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.3 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2, have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J03 and (2) OC4J04.
Page 1 of 2