Vulnerabilities > Oracle > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2002-12-31 | CVE-2002-1635 | Unspecified vulnerability in Oracle Application Server The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin. | 5.0 |
| 2002-12-31 | CVE-2002-1632 | Information Disclosure vulnerability in Oracle 9i Application Server Sample Scripts Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2. | 6.4 |
| 2002-12-23 | CVE-2002-1373 | Unspecified vulnerability in Oracle Mysql Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call. | 5.0 |
| 2002-11-04 | CVE-2002-0386 | Denial Of Service vulnerability in Oracle Application Server 9.0.2 The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data. | 5.0 |
| 2002-10-28 | CVE-2002-1118 | Remote Denial Of Service vulnerability in Oracle TNS Listener Service_CurLoad TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command. | 5.0 |
| 2002-10-04 | CVE-2002-1089 | Information Disclosure vulnerability in Oracle Application Server and Reports rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks. | 5.0 |
| 2002-09-05 | CVE-2002-0856 | Denial Of Service vulnerability in Oracle Listener Malformed Debugging Command SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. | 5.0 |
| 2002-08-12 | CVE-2002-0659 | Denial Of Service vulnerability in OpenSSL ASN.1 Parsing Error The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings. | 5.0 |
| 2002-08-12 | CVE-2002-0509 | Denial of Service vulnerability in Oracle 9i TNS Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521. | 5.0 |
| 2002-07-03 | CVE-2002-0566 | Denial of Service vulnerability in Oracle 9iAS Apache PL/SQL Module PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type. | 5.0 |