Portal
CVEs (16)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1181 | Hig | 0.47 | 8.1 | 0.13 | Jul 4, 2016 | ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to… | ||
| CVE-2006-6697 | 0.04 | — | 0.10 | Dec 22, 2006 | CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter. | |||
| CVE-2007-1506 | 0.03 | — | 0.02 | Mar 19, 2007 | Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters. | |||
| CVE-2006-6703 | 0.03 | — | 0.02 | Dec 23, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors. | |||
| CVE-2009-0974 | 0.00 | — | 0.03 | Apr 15, 2009 | Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0983 and CVE-2009-3407. | |||
| CVE-2008-5438 | 0.00 | — | 0.02 | Jan 14, 2009 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors. | |||
| CVE-2008-3977 | 0.00 | — | 0.02 | Oct 14, 2008 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3975. | |||
| CVE-2008-3975 | 0.00 | — | 0.02 | Oct 14, 2008 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3977. | |||
| CVE-2008-2583 | 0.00 | — | 0.01 | Jul 15, 2008 | Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component in Oracle Application Server, as available from OTN before 20080715, has unknown impact and remote attack vectors. | |||
| CVE-2008-2594 | 0.00 | — | 0.02 | Jul 15, 2008 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2593. | |||
| CVE-2008-2593 | 0.00 | — | 0.02 | Jul 15, 2008 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594. | |||
| CVE-2008-2609 | 0.00 | — | 0.01 | Jul 15, 2008 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. | |||
| CVE-2008-2589 | 0.00 | — | 0.01 | Jul 15, 2008 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable… | |||
| CVE-2008-1825 | 0.00 | — | 0.02 | Apr 16, 2008 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03. | |||
| CVE-2007-5517 | 0.00 | — | 0.02 | Oct 17, 2007 | Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2 and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS02. | |||
| CVE-2006-6699 | 0.00 | — | 0.01 | Dec 23, 2006 | Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. … |
- risk 0.47cvss 8.1epss 0.13
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to…
- CVE-2006-6697Dec 22, 2006risk 0.04cvss —epss 0.10
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
- CVE-2007-1506Mar 19, 2007risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.
- CVE-2006-6703Dec 23, 2006risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.
- CVE-2009-0974Apr 15, 2009risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2009-0983 and CVE-2009-3407.
- CVE-2008-5438Jan 14, 2009risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.
- CVE-2008-3977Oct 14, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3975.
- CVE-2008-3975Oct 14, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3977.
- CVE-2008-2583Jul 15, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the sample Discussion Forum Portlet for the Oracle Portal component in Oracle Application Server, as available from OTN before 20080715, has unknown impact and remote attack vectors.
- CVE-2008-2594Jul 15, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2593.
- CVE-2008-2593Jul 15, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-2594.
- CVE-2008-2609Jul 15, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors.
- CVE-2008-2589Jul 15, 2008risk 0.00cvss —epss 0.01
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3, 10.1.2.2, and 10.1.4.1 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable…
- CVE-2008-1825Apr 16, 2008risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 has unknown impact and remote attack vectors, aka AS03.
- CVE-2007-5517Oct 17, 2007risk 0.00cvss —epss 0.02
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2 and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS02.
- CVE-2006-6699Dec 23, 2006risk 0.00cvss —epss 0.01
Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. …