VYPR

Application Server

by Oracle Corporation

CVEs (200)

  • CVE-2002-0562Jul 3, 2002
    risk 0.01cvss epss 0.07

    The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.

  • CVE-2002-0559Jul 3, 2002
    risk 0.01cvss epss 0.13

    Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long…

  • CVE-2001-1371Feb 6, 2002
    risk 0.01cvss epss 0.12

    The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.

  • CVE-2001-1216Dec 21, 2001
    risk 0.01cvss epss 0.09

    Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.

  • CVE-2010-0070Jan 13, 2010
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors.

  • CVE-2010-0067Jan 13, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors.

  • CVE-2010-0066Jan 13, 2010
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Server 7.0.4.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.

  • CVE-2009-3412Jan 13, 2010
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors.

  • CVE-2009-3407Oct 22, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-0983.

  • CVE-2009-1999Oct 22, 2009
    risk 0.00cvss epss 0.02

    Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors.

  • CVE-2009-1990Oct 22, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors.

  • CVE-2008-7237Sep 14, 2009
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows remote authenticated users to affect confidentiality via unknown vectors, aka AS06.

  • CVE-2008-7236Sep 14, 2009
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 and 10.1.3.1 allows remote attackers to affect integrity via unknown vectors, aka AS05.

  • CVE-2008-7235Sep 14, 2009
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04.

  • CVE-2008-7234Sep 14, 2009
    risk 0.00cvss epss 0.06

    Unspecified vulnerability in the Oracle BPEL Worklist Application component in Oracle Application Server 10.1.2.2 and 10.1.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, aka AS03.

  • CVE-2008-7233Sep 14, 2009
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in the E-Business Application client, as used in Oracle Application Server 1.1.8.26 and E-Business Suite 11.5.10.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Oracle Jinitiator…

  • CVE-2009-1976Jul 14, 2009
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the HTTP Server component in Oracle Application Server 10.1.2.3 allows remote attackers to affect integrity via unknown vectors.

  • CVE-2009-0217Jul 14, 2009
    risk 0.00cvss epss 0.06

    The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA…

  • CVE-2009-1017Apr 15, 2009
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-0994.

  • CVE-2009-1011Apr 15, 2009
    risk 0.00cvss epss 0.00

    Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle…

Page 3 of 10