VYPR

HTTP Server

by Oracle Corporation

CVEs (65)

  • CVE-2019-5482CriSep 16, 2019
    risk 0.64cvss 9.8epss 0.18

    Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

  • CVE-2026-34291HigApr 21, 2026
    risk 0.57cvss 8.7epss 0.00

    Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise…

  • CVE-2009-1955HigJun 8, 2009
    risk 0.49cvss 7.5epss 0.53

    The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document…

  • CVE-2013-2566MedMar 15, 2013
    risk 0.48cvss 5.9epss 0.84

    The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis of ciphertext in a large number of sessions that use the same plaintext.

  • CVE-2021-41617HigSep 26, 2021
    risk 0.46cvss 7.0epss 0.02

    sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with…

  • CVE-2018-2760MedApr 19, 2018
    risk 0.39cvss 5.9epss 0.02

    Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are 12.1.3 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise…

  • CVE-2020-1971MedDec 8, 2020
    risk 0.38cvss 5.9epss 0.07

    The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This…

  • CVE-2015-3195MedDec 6, 2015
    risk 0.38cvss 5.3epss 0.39

    The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1q, and 1.0.2 before 1.0.2e mishandles errors caused by malformed X509_ATTRIBUTE data, which allows remote attackers to obtain sensitive information…

  • CVE-2018-2561MedJan 18, 2018
    risk 0.35cvss 5.3epss 0.02

    Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker…

  • CVE-2015-2808LowApr 1, 2015
    risk 0.30cvss 3.7epss 0.74

    The RC4 algorithm, as used in the TLS protocol and SSL protocol, does not properly combine state data with key data during the initialization phase, which makes it easier for remote attackers to conduct plaintext-recovery attacks against the initial bytes of a stream by sniffing…

  • CVE-2016-3482LowJul 21, 2016
    risk 0.24cvss 3.7epss 0.02

    Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module.

  • CVE-2016-0671LowApr 21, 2016
    risk 0.24cvss 3.7epss 0.01

    Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module.

  • CVE-2014-0226Jul 20, 2014
    risk 0.10cvss epss 0.86

    Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers…

  • CVE-2002-0656Aug 12, 2002
    risk 0.10cvss epss 0.90

    Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

  • CVE-2004-2115Dec 31, 2004
    risk 0.08cvss epss 0.58

    Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.

  • CVE-2002-0659Aug 12, 2002
    risk 0.06cvss epss 0.36

    The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

  • CVE-2013-5704Apr 15, 2014
    risk 0.05cvss epss 0.60

    The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as…

  • CVE-2006-0287Jan 18, 2006
    risk 0.05cvss epss 0.25

    Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02.

  • CVE-2007-5000Dec 13, 2007
    risk 0.04cvss epss 0.47

    Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or…

  • CVE-2014-0098Mar 18, 2014
    risk 0.02cvss epss 0.26

    The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.

Page 1 of 4