Vulnerabilities > Oracle > Application Server > 1.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2002-07-03 | CVE-2002-0560 | Unspecified vulnerability in Oracle products PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns. | 5.0 |
2002-07-03 | CVE-2002-0559 | Buffer Overflows vulnerability in Oracle 9iAS Apache PL/SQL Module Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name. | 7.5 |
2002-02-06 | CVE-2001-1372 | Unspecified vulnerability in Oracle Application Server 1.0.2 Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. | 5.0 |
2002-02-06 | CVE-2001-1371 | Permissions, Privileges, and Access Controls vulnerability in Oracle Application Server 1.0.2 The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. | 7.5 |
2001-12-21 | CVE-2001-1217 | Directory Traversal vulnerability in Oracle Application Server 1.0.2 Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. | 5.0 |
2001-12-21 | CVE-2001-1216 | Buffer Overflow vulnerability in Oracle Application Server 1.0.2 Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. | 7.5 |
2001-08-22 | CVE-2001-0591 | Unspecified vulnerability in Oracle Application Server and JSP Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. | 7.5 |
2000-12-31 | CVE-2000-1236 | Unspecified vulnerability in Oracle Application Server SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL. | 7.5 |
2000-12-31 | CVE-2000-1235 | Unspecified vulnerability in Oracle Application Server The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files. | 5.0 |