Vulnerabilities > Oracle > Http Server
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-10-18 | CVE-2006-5348 | Multiple vulnerability in Oracle Collaboration Suite, E-Business Suite and Http Server Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS05. | 10.0 |
| 2006-10-18 | CVE-2006-5347 | Multiple vulnerability in Oracle Http Server 9.2.0.7 Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS04. | 10.0 |
| 2006-10-18 | CVE-2006-5346 | Multiple vulnerability in Oracle Collaboration Suite, E-Business Suite and Http Server Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in Oracle Collaboration Suite 9.0.4.2 and Oracle E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors related to htdigest, aka Vuln# OHS02. | 7.6 |
| 2006-01-26 | CVE-2006-0435 | Unspecified vulnerability in Oracle Application Server and Http Server Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. | 7.5 |
| 2004-12-31 | CVE-2004-2115 | Cross-Site Scripting vulnerability in Oracle Http Server 8.1.7/9.0.1/9.2.0 Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request. network oracle | 6.8 |
| 2004-03-30 | CVE-2004-1877 | Authentication Credential Disclosure vulnerability in Oracle Application Server and Http Server The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password. | 2.6 |
| 2002-08-12 | CVE-2002-0659 | Denial Of Service vulnerability in OpenSSL ASN.1 Parsing Error The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. | 5.0 |
| 2002-08-12 | CVE-2002-0656 | Buffer Overflow vulnerability in OpenSSL SSLv3 Session ID Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3. | 7.5 |
| 2002-08-12 | CVE-2002-0655 | Buffer Overflow vulnerability in OpenSSL ASCII Representation Of Integers OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code. | 7.5 |
| 1997-09-19 | CVE-1999-1125 | Unspecified vulnerability in Oracle Http Server Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. | 10.0 |