Application Server
CVEs (200)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-0562 | | | 0.01 | — | 0.07 | | Jul 3, 2002 | The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa. |
| CVE-2002-0559 | | | 0.01 | — | 0.13 | | Jul 3, 2002 | Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long… |
| CVE-2001-1371 | | | 0.01 | — | 0.12 | | Feb 6, 2002 | The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. |
| CVE-2001-1216 | | | 0.01 | — | 0.09 | | Dec 21, 2001 | Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. |
| CVE-2010-0070 | | | 0.00 | — | 0.02 | | Jan 13, 2010 | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect integrity via unknown vectors. |
| CVE-2010-0067 | | | 0.00 | — | 0.03 | | Jan 13, 2010 | Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors. |
| CVE-2010-0066 | | | 0.00 | — | 0.03 | | Jan 13, 2010 | Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Server 7.0.4.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors. |
| CVE-2009-3412 | | | 0.00 | — | 0.00 | | Jan 13, 2010 | Unspecified vulnerability in the Unzip component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5; and Oracle Application Server 10.1.2.3; allows local users to affect confidentiality via unknown vectors. |
| CVE-2009-3407 | | | 0.00 | — | 0.03 | | Oct 22, 2009 | Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0974 and CVE-2009-0983. |
| CVE-2009-1999 | | | 0.00 | — | 0.02 | | Oct 22, 2009 | Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors. |
| CVE-2009-1990 | | | 0.00 | — | 0.00 | | Oct 22, 2009 | Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors. |
| CVE-2008-7237 | | | 0.00 | — | 0.04 | | Sep 14, 2009 | Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3 and 10.1.2.2 allows remote authenticated users to affect confidentiality via unknown vectors, aka AS06. |
| CVE-2008-7236 | | | 0.00 | — | 0.04 | | Sep 14, 2009 | Unspecified vulnerability in the Oracle JDeveloper component in Oracle Application Server 10.1.2.2 and 10.1.3.1 allows remote attackers to affect integrity via unknown vectors, aka AS05. |
| CVE-2008-7235 | | | 0.00 | — | 0.05 | | Sep 14, 2009 | Unspecified vulnerability in the Oracle Forms component in Oracle Application Server 10.1.2.2 and E-Business Suite 12.0.3 allows remote attackers to affect integrity via unknown vectors, aka AS04. |
| CVE-2008-7234 | | | 0.00 | — | 0.06 | | Sep 14, 2009 | Unspecified vulnerability in the Oracle BPEL Worklist Application component in Oracle Application Server 10.1.2.2 and 10.1.3.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, aka AS03. |
| CVE-2008-7233 | | | 0.00 | — | 0.04 | | Sep 14, 2009 | Unspecified vulnerability in the E-Business Application client, as used in Oracle Application Server 1.1.8.26 and E-Business Suite 11.5.10.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Oracle Jinitiator… |
| CVE-2009-1976 | | | 0.00 | — | 0.01 | | Jul 14, 2009 | Unspecified vulnerability in the HTTP Server component in Oracle Application Server 10.1.2.3 allows remote attackers to affect integrity via unknown vectors. |
| CVE-2009-0217 | | | 0.00 | — | 0.06 | | Jul 14, 2009 | The design of the W3C XML Signature Syntax and Processing (XMLDsig) recommendation, as implemented in products including (1) the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; (2) the WebLogic Server component in BEA… |
| CVE-2009-1017 | | | 0.00 | — | 0.03 | | Apr 15, 2009 | Unspecified vulnerability in the BI Publisher component in Oracle Application Server 5.6.2, 10.1.3.2.1, 10.1.3.3.3, and 10.1.3.4 allows remote authenticated users to affect confidentiality via unknown vectors, a different vulnerability than CVE-2009-0994. |
| CVE-2009-1011 | | | 0.00 | — | 0.00 | | Apr 15, 2009 | Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle… |