Vulnerabilities > Oracle > Http Server

DATE CVE VULNERABILITY TITLE RISK
2019-07-23 CVE-2019-2751 Unspecified vulnerability in Oracle Http Server 12.1.3.0.0/12.2.1.3.0
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OHS Config MBeans).
network
high complexity
oracle
5.9
2019-07-02 CVE-2019-5443 Uncontrolled Search Path Element vulnerability in multiple products
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation.
local
low complexity
haxx oracle netapp CWE-427
7.8
2019-06-24 CVE-2018-20843 XXE vulnerability in multiple products
In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks).
7.5
2019-06-11 CVE-2019-0197 HTTP Request Smuggling vulnerability in multiple products
A vulnerability was found in Apache HTTP Server 2.4.34 to 2.4.38.
4.2
2019-04-08 CVE-2019-0211 Use After Free vulnerability in multiple products
In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard.
7.8
2019-04-08 CVE-2019-0217 Race Condition vulnerability in multiple products
In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.
7.5
2019-02-06 CVE-2019-3823 libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP.
network
low complexity
haxx canonical debian netapp oracle
7.5
2019-02-06 CVE-2019-3822 Out-of-bounds Write vulnerability in multiple products
libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow.
network
low complexity
haxx canonical debian netapp siemens oracle redhat CWE-787
critical
9.8
2019-02-06 CVE-2018-16890 Integer Overflow or Wraparound vulnerability in multiple products
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read.
7.5
2019-01-16 CVE-2019-2414 Unspecified vulnerability in Oracle Http Server 12.2.1.3.0
Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener).
local
low complexity
oracle
7.8