HTTP Server
CVEs (65)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-0435 | 0.00 | — | 0.06 | Jan 26, 2006 | Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and… | |||
| CVE-2006-0286 | 0.00 | — | 0.05 | Jan 18, 2006 | Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS01. | |||
| CVE-2004-1877 | 0.00 | — | 0.03 | Mar 30, 2004 | The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and… | |||
| CVE-1999-1125 | 0.00 | — | 0.04 | Sep 19, 1997 | Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. | |||
| CVE-1999-1068 | 0.00 | — | 0.02 | Jul 23, 1997 | Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request. |
- CVE-2006-0435Jan 26, 2006risk 0.00cvss —epss 0.06
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and…
- CVE-2006-0286Jan 18, 2006risk 0.00cvss —epss 0.05
Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS01.
- CVE-2004-1877Mar 30, 2004risk 0.00cvss —epss 0.03
The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and…
- CVE-1999-1125Sep 19, 1997risk 0.00cvss —epss 0.04
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
- CVE-1999-1068Jul 23, 1997risk 0.00cvss —epss 0.02
Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.
Page 4 of 4