Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2002-0843

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Oct, 2002 | 04:00
Updated At-08 Aug, 2024 | 03:03
Rejected At-
Credits

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Oct, 2002 | 04:00
Updated At:08 Aug, 2024 | 03:03
Rejected At:
â–¼CVE Numbering Authority (CNA)

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.debian.org/security/2002/dsa-188
vendor-advisory
x_refsource_DEBIAN
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
vendor-advisory
x_refsource_CONECTIVA
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
x_refsource_CONFIRM
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
vendor-advisory
x_refsource_ENGARDE
http://www.securityfocus.com/bid/5996
vdb-entry
x_refsource_BID
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
vendor-advisory
x_refsource_AIXAPAR
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
vendor-advisory
x_refsource_SGI
http://online.securityfocus.com/advisories/4617
vendor-advisory
x_refsource_HP
http://www.vupen.com/english/advisories/2006/3263
vdb-entry
x_refsource_VUPEN
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
mailing-list
x_refsource_BUGTRAQ
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
vendor-advisory
x_refsource_CONECTIVA
http://www.debian.org/security/2002/dsa-187
vendor-advisory
x_refsource_DEBIAN
http://www.apacheweek.com/issues/02-10-04
x_refsource_CONFIRM
http://www.securityfocus.com/bid/5887
vdb-entry
x_refsource_BID
http://www.debian.org/security/2002/dsa-195
vendor-advisory
x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=103376585508776&w=2
mailing-list
x_refsource_BUGTRAQ
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
vendor-advisory
x_refsource_MANDRAKE
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
x_refsource_CONFIRM
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
vendor-advisory
x_refsource_CONECTIVA
http://secunia.com/advisories/21425
third-party-advisory
x_refsource_SECUNIA
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/5995
vdb-entry
x_refsource_BID
http://www.iss.net/security_center/static/10281.php
vdb-entry
x_refsource_XF
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
Hyperlink: http://www.debian.org/security/2002/dsa-188
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Resource:
vendor-advisory
x_refsource_ENGARDE
Hyperlink: http://www.securityfocus.com/bid/5996
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Resource:
vendor-advisory
x_refsource_SGI
Hyperlink: http://online.securityfocus.com/advisories/4617
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.vupen.com/english/advisories/2006/3263
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://www.debian.org/security/2002/dsa-187
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.apacheweek.com/issues/02-10-04
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/5887
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.debian.org/security/2002/dsa-195
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://marc.info/?l=bugtraq&m=103376585508776&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
Resource:
x_refsource_CONFIRM
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://secunia.com/advisories/21425
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/bid/5995
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.iss.net/security_center/static/10281.php
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.debian.org/security/2002/dsa-188
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
x_refsource_CONFIRM
x_transferred
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
vendor-advisory
x_refsource_ENGARDE
x_transferred
http://www.securityfocus.com/bid/5996
vdb-entry
x_refsource_BID
x_transferred
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
vendor-advisory
x_refsource_AIXAPAR
x_transferred
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
vendor-advisory
x_refsource_SGI
x_transferred
http://online.securityfocus.com/advisories/4617
vendor-advisory
x_refsource_HP
x_transferred
http://www.vupen.com/english/advisories/2006/3263
vdb-entry
x_refsource_VUPEN
x_transferred
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://www.debian.org/security/2002/dsa-187
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.apacheweek.com/issues/02-10-04
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/5887
vdb-entry
x_refsource_BID
x_transferred
http://www.debian.org/security/2002/dsa-195
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://marc.info/?l=bugtraq&m=103376585508776&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
x_refsource_CONFIRM
x_transferred
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://secunia.com/advisories/21425
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/bid/5995
vdb-entry
x_refsource_BID
x_transferred
http://www.iss.net/security_center/static/10281.php
vdb-entry
x_refsource_XF
x_transferred
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.debian.org/security/2002/dsa-188
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Resource:
vendor-advisory
x_refsource_ENGARDE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/5996
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Resource:
vendor-advisory
x_refsource_SGI
x_transferred
Hyperlink: http://online.securityfocus.com/advisories/4617
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/3263
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://www.debian.org/security/2002/dsa-187
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.apacheweek.com/issues/02-10-04
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/5887
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.debian.org/security/2002/dsa-195
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=103376585508776&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://secunia.com/advisories/21425
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/bid/5995
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.iss.net/security_center/static/10281.php
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:11 Oct, 2002 | 04:00
Updated At:03 Apr, 2025 | 01:03

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
The Apache Software Foundation
apache
>>http_server>>1.3
cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.1
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.3
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.4
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.6
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.9
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.11
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.12
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.14
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.17
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.18
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.19
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.20
cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.22
cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.23
cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.24
cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.25
cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.26
cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_server>>1.0.2
cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_server>>1.0.2.1s
cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_server>>1.0.2.2
cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_server>>9.0.2
cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_server>>9.0.2
cpe:2.3:a:oracle:application_server:9.0.2:r2:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_server>>9.0.2.1
cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>database_server>>8.1.7
cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>database_server>>9.2.2
cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>oracle8i>>8.1.7
cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>oracle8i>>8.1.7.0.0_enterprise
cpe:2.3:a:oracle:oracle8i:8.1.7.0.0_enterprise:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>oracle8i>>8.1.7.1
cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>oracle8i>>8.1.7.1.0_enterprise
cpe:2.3:a:oracle:oracle8i:8.1.7.1.0_enterprise:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Apache
Last Modified : 2008-07-02T00:00:00

Fixed in Apache HTTP Server 1.3.27: http://httpd.apache.org/security/vulnerabilities_13.html

References
HyperlinkSourceResource
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-Icve@mitre.org
N/A
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.htmlcve@mitre.org
N/A
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.htmlcve@mitre.org
N/A
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530cve@mitre.org
N/A
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530cve@mitre.org
N/A
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530cve@mitre.org
N/A
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=103376585508776&w=2cve@mitre.org
N/A
http://online.securityfocus.com/advisories/4617cve@mitre.org
N/A
http://secunia.com/advisories/21425cve@mitre.org
N/A
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=onlycve@mitre.org
N/A
http://www.apacheweek.com/issues/02-10-04cve@mitre.org
Vendor Advisory
http://www.debian.org/security/2002/dsa-187cve@mitre.org
N/A
http://www.debian.org/security/2002/dsa-188cve@mitre.org
N/A
http://www.debian.org/security/2002/dsa-195cve@mitre.org
N/A
http://www.iss.net/security_center/static/10281.phpcve@mitre.org
N/A
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.phpcve@mitre.org
N/A
http://www.linuxsecurity.com/advisories/other_advisory-2414.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/5887cve@mitre.org
N/A
http://www.securityfocus.com/bid/5995cve@mitre.org
N/A
http://www.securityfocus.com/bid/5996cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2006/3263cve@mitre.org
N/A
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871cve@mitre.org
N/A
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-Iaf854a3a-2127-422b-91ae-364da2661108
N/A
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530af854a3a-2127-422b-91ae-364da2661108
N/A
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530af854a3a-2127-422b-91ae-364da2661108
N/A
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=103376585508776&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://online.securityfocus.com/advisories/4617af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/21425af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=onlyaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.apacheweek.com/issues/02-10-04af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2002/dsa-187af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2002/dsa-188af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2002/dsa-195af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.iss.net/security_center/static/10281.phpaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.phpaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.linuxsecurity.com/advisories/other_advisory-2414.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/5887af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/5995af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/5996af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2006/3263af854a3a-2127-422b-91ae-364da2661108
N/A
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=103376585508776&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://online.securityfocus.com/advisories/4617
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/21425
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.apacheweek.com/issues/02-10-04
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2002/dsa-187
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2002/dsa-188
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2002/dsa-195
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.iss.net/security_center/static/10281.php
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/5887
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/5995
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/5996
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/3263
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=103376585508776&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://online.securityfocus.com/advisories/4617
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/21425
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.apacheweek.com/issues/02-10-04
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2002/dsa-187
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2002/dsa-188
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2002/dsa-195
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.iss.net/security_center/static/10281.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/5887
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/5995
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/5996
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/3263
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

774Records found
CVE-2015-6420
Matching Score-8
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-8
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-18.17% / 95.03%
||
7 Day CHG~0.00%
Published-15 Dec, 2015 | 02:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-commons_collectionsn/a
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2001-0836
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-22.77% / 95.75%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_server_web_cachen/a
CVE-2001-1454
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.85% / 93.57%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mysqln/a
CVE-2015-5344
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-4.97% / 89.46%
||
7 Day CHG~0.00%
Published-03 Feb, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-cameln/a
CVE-2001-1321
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.95% / 86.17%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.

Action-Not Available
Vendor-n/aOracle Corporation
Product-internet_directoryn/a
CVE-2022-32533
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-11.55% / 93.48%
||
7 Day CHG~0.00%
Published-06 Jul, 2022 | 09:40
Updated-03 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Portals Jetspeed XSS, CSRF, SSRF, and XXE issues

Apache Jetspeed-2 does not sufficiently filter untrusted user input by default leading to a number of issues including XSS, CSRF, XXE, and SSRF. Setting the configuration option "xss.filter.post = true" may mitigate these issues. NOTE: Apache Jetspeed is a dormant project of Apache Portals and no updates will be provided for this issue

Action-Not Available
Vendor-The Apache Software Foundation
Product-jetspeedApache Portalsportals_jetspeed
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2001-1371
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.43% / 88.80%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2001-1216
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.70% / 89.13%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2001-1453
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.66% / 93.52%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mysqln/a
CVE-2015-5207
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.64%
||
7 Day CHG~0.00%
Published-09 May, 2016 | 20:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL whitelist protection mechanism in an app and load arbitrary resources by leveraging unspecified methods.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-cordovan/a
CWE ID-CWE-284
Improper Access Control
CVE-2015-4795
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.69% / 71.27%
||
7 Day CHG~0.00%
Published-21 Oct, 2015 | 21:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Utilities Work and Asset Management component in Oracle Industry Applications 1.9.1.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Add-On Applications.

Action-Not Available
Vendor-n/aOracle Corporation
Product-industry_applicationsn/a
CVE-2015-4492
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.31% / 84.46%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the XMLHttpRequest::Open implementation in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 might allow remote attackers to execute arbitrary code via a SharedWorker object that makes recursive calls to the open method of an XMLHttpRequest object.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-firefoxopensuseubuntu_linuxsolarisn/a
CVE-2015-4489
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-2.20% / 84.13%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging a self assignment.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-solarisfirefoxopensuseubuntu_linuxfirefox_osn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4852
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-92.85% / 99.76%
||
7 Day CHG~0.00%
Published-18 Nov, 2015 | 15:00
Updated-22 Oct, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-05-03||Apply updates per vendor instructions.

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to oracle_common/modules/com.bea.core.apache.commons.collections.jar. NOTE: the scope of this CVE is limited to the WebLogic Server product.

Action-Not Available
Vendor-n/aOracle Corporation
Product-storagetek_tape_analytics_sw_toolweblogic_servervirtual_desktop_infrastructuren/aWebLogic Server
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2014-6491
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-2.26% / 84.32%
||
7 Day CHG~0.00%
Published-15 Oct, 2014 | 22:03
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier and 5.6.20 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to SERVER:SSL:yaSSL, a different vulnerability than CVE-2014-6500.

Action-Not Available
Vendor-n/aJuniper Networks, Inc.Oracle CorporationMariaDB Foundation
Product-junos_spacemariadbmysqlsolarisn/a
CVE-2015-4727
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.63% / 69.87%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Virtualization Sun Ray Software before 5.4.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web Console.

Action-Not Available
Vendor-n/aOracle Corporation
Product-virtualization_sun_rayn/a
CVE-2001-0591
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.92% / 75.57%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_serverjspn/a
CVE-2015-4643
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-8.66% / 92.27%
||
7 Day CHG~0.00%
Published-16 May, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 allows remote FTP servers to execute arbitrary code via a long reply to a LIST command, leading to a heap-based buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-4022.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP GroupDebian GNU/LinuxOracle Corporation
Product-enterprise_linux_serverenterprise_linux_server_ausenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_server_tusenterprise_linux_workstationphpdebian_linuxlinuxn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-4488
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.90% / 82.93%
||
7 Day CHG~0.00%
Published-16 Aug, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the StyleAnimationValue class in Mozilla Firefox before 40.0, Firefox ESR 38.x before 38.2, and Firefox OS before 2.2 allows remote attackers to have an unspecified impact by leveraging a StyleAnimationValue::operator self assignment.

Action-Not Available
Vendor-n/aMozilla CorporationopenSUSEOracle CorporationCanonical Ltd.
Product-solarisfirefoxopensuseubuntu_linuxfirefox_osn/a
CVE-2001-0766
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-11.43% / 93.42%
||
7 Day CHG~0.00%
Published-12 Oct, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.

Action-Not Available
Vendor-n/aThe Apache Software FoundationApple Inc.
Product-mac_os_xhttp_servern/a
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CVE-2015-5254
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-80.11% / 99.08%
||
7 Day CHG~0.00%
Published-08 Jan, 2016 | 19:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that can be serialized in the broker, which allows remote attackers to execute arbitrary code via a crafted serialized Java Message Service (JMS) ObjectMessage object.

Action-Not Available
Vendor-n/aThe Apache Software FoundationRed Hat, Inc.Fedora Project
Product-openshiftfedoraactivemqn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2015-4745
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.77% / 73.18%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, and CVE-2015-2606.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2015-3329
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-28.15% / 96.38%
||
7 Day CHG~0.00%
Published-09 Jun, 2015 | 18:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple stack-based buffer overflows in the phar_set_inode function in phar_internal.h in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 allow remote attackers to execute arbitrary code via a crafted length value in a (1) tar, (2) phar, or (3) ZIP archive.

Action-Not Available
Vendor-n/aRed Hat, Inc.The PHP GroupApple Inc.Oracle Corporation
Product-enterprise_linuxenterprise_linux_serversolarisenterprise_linux_hpc_nodeenterprise_linux_desktopenterprise_linux_server_eusenterprise_linux_workstationphpenterprise_linux_hpc_node_euslinuxmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3145
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-63.70% / 98.37%
||
7 Day CHG~0.00%
Published-24 Apr, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.

Action-Not Available
Vendor-n/aopenSUSEFedora ProjectApple Inc.HP Inc.Debian GNU/LinuxOracle CorporationCanonical Ltd.CURL
Product-solarislibcurlsystem_management_homepagefedoraopensuseubuntu_linuxcurldebian_linuxmac_os_xn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-3253
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-66.03% / 98.47%
||
7 Day CHG~0.00%
Published-13 Aug, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The MethodClosure class in runtime/MethodClosure.java in Apache Groovy 1.7.0 through 2.4.3 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted serialized object.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-retail_order_broker_cloud_serviceretail_service_backbonehealth_sciences_clinical_development_centerretail_store_inventory_managementgroovywebcenter_sitesn/a
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2015-2743
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 77.41%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationNovell
Product-solarisfirefoxfirefox_esrsuse_linux_enterprise_serversuse_linux_enterprise_desktopsuse_linux_enterprise_software_development_kitn/a
CVE-2001-0419
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-18.35% / 95.07%
||
7 Day CHG~0.00%
Published-24 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2001-0126
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.83% / 74.12%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8in/a
CVE-2001-0326
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.52% / 80.98%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8iapplication_servern/a
CVE-2015-2155
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.98% / 89.47%
||
7 Day CHG~0.00%
Published-24 Mar, 2015 | 17:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The force printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.

Action-Not Available
Vendor-n/aDebian GNU/LinuxFedora ProjectOracle Corporationtcpdump & libpcapopenSUSE
Product-tcpdumpsolarisfedoraopensusedebian_linuxn/a
CVE-2015-2602
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.72% / 72.15%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2015-2328
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.13% / 89.64%
||
7 Day CHG~0.00%
Published-02 Dec, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.

Action-Not Available
Vendor-pcren/aOracle Corporation
Product-linuxpcren/a
CVE-2015-1831
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-6.00% / 90.49%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default exclude patterns (excludeParams) in Apache Struts 2.3.20 allow remote attackers to "compromise internal state of an application" via unspecified vectors.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-strutsn/a
CVE-2015-2728
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-7.5||HIGH
EPSS-1.07% / 77.39%
||
7 Day CHG~0.00%
Published-06 Jul, 2015 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The IndexedDatabaseManager class in the IndexedDB implementation in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 misinterprets an unspecified IDBDatabase field as a pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unspecified vectors, related to a "type confusion" issue.

Action-Not Available
Vendor-n/aMozilla CorporationOracle CorporationNovell
Product-solarisfirefoxfirefox_esrsuse_linux_enterprise_serversuse_linux_enterprise_desktopn/a
CVE-2008-5440
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.95% / 83.17%
||
7 Day CHG~0.00%
Published-14 Jan, 2009 | 01:00
Updated-07 Aug, 2024 | 10:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the TimesTen Data Server component in Oracle Database 7.0.5.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this is a format string vulnerability via the msg parameter in the evtdump CGI module.

Action-Not Available
Vendor-n/aOracle Corporation
Product-timesten_in-memory_databasen/a
CVE-2015-2606
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.72% / 72.15%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2605, and CVE-2015-4745.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2015-2603
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.72% / 72.15%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2604, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2015-2604
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.72% / 72.15%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2605, CVE-2015-2606, and CVE-2015-4745.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2015-2605
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.72% / 72.15%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Endeca Information Discovery Studio component in Oracle Fusion Middleware 2.2.2, 2.3, 2.4, 3.0, and 3.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Integrator, a different vulnerability than CVE-2015-2602, CVE-2015-2603, CVE-2015-2604, CVE-2015-2606, and CVE-2015-4745.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2000-1236
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.97% / 76.28%
||
7 Day CHG~0.00%
Published-14 Jul, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2000-0169
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-19.27% / 95.22%
||
7 Day CHG~0.00%
Published-02 Jun, 2000 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2015-2636
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.69% / 71.27%
||
7 Day CHG~0.00%
Published-16 Jul, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Data Integrator component in Oracle Fusion Middleware 11.1.1.3.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Data Quality based on Trillium, a different vulnerability than CVE-2015-0443, CVE-2015-0444, CVE-2015-0445, CVE-2015-0446, CVE-2015-2634, CVE-2015-2635, CVE-2015-4758, and CVE-2015-4759.

Action-Not Available
Vendor-n/aOracle Corporation
Product-fusion_middlewaren/a
CVE-2018-1295
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-5.58% / 90.10%
||
7 Day CHG~0.00%
Published-02 Apr, 2018 | 17:00
Updated-17 Sep, 2024 | 01:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Ignite 2.3 or earlier, the serialization mechanism does not have a list of classes allowed for serialization/deserialization, which makes it possible to run arbitrary code when 3-rd party vulnerable classes are present in Ignite classpath. The vulnerability can be exploited if the one sends a specially prepared form of a serialized object to one of the deserialization endpoints of some Ignite components - discovery SPI, Ignite persistence, Memcached endpoint, socket steamer.

Action-Not Available
Vendor-The Apache Software Foundation
Product-igniteApache Ignite
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2020-11989
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-83.79% / 99.27%
||
7 Day CHG+6.01%
Published-22 Jun, 2020 | 18:06
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

Action-Not Available
Vendor-The Apache Software Foundation
Product-shiroApache Shiro
CVE-2014-2423
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-4.32% / 88.66%
||
7 Day CHG~0.00%
Published-16 Apr, 2014 | 02:05
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and Java SE Embedded 7u51, allows remote attackers to affect confidentiality, integrity, and availability via vectors related to JAX-WS, a different vulnerability than CVE-2014-0452 and CVE-2014-0458.

Action-Not Available
Vendor-n/aDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-debian_linuxjreubuntu_linuxjdkn/a
CVE-2015-1351
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-19.13% / 95.20%
||
7 Day CHG~0.00%
Published-30 Mar, 2015 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the _zend_shared_memdup function in zend_shared_alloc.c in the OPcache extension in PHP through 5.6.7 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Action-Not Available
Vendor-n/aThe PHP GroupApple Inc.Oracle Corporation
Product-solarisphplinuxmac_os_xsecure_backupn/a
CWE ID-CWE-416
Use After Free
CVE-2015-0973
Matching Score-8
Assigner-CERT/CC
ShareView Details
Matching Score-8
Assigner-CERT/CC
CVSS Score-8.8||HIGH
EPSS-2.01% / 83.39%
||
7 Day CHG~0.00%
Published-18 Jan, 2015 | 18:00
Updated-09 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in the png_read_IDAT_data function in pngrutil.c in libpng before 1.5.21 and 1.6.x before 1.6.16 allows context-dependent attackers to execute arbitrary code via IDAT data with a large width, a different vulnerability than CVE-2014-9495.

Action-Not Available
Vendor-libpngn/aOracle CorporationApple Inc.
Product-mac_os_xsolarislibpngn/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2018-11236
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.89% / 75.20%
||
7 Day CHG~0.00%
Published-18 May, 2018 | 16:00
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 and earlier, when processing very long pathname arguments to the realpath function, could encounter an integer overflow on 32-bit architectures, leading to a stack-based buffer overflow and, potentially, arbitrary code execution.

Action-Not Available
Vendor-n/aRed Hat, Inc.NetApp, Inc.GNUOracle Corporation
Product-enterprise_linux_serverelement_software_managemententerprise_linux_workstationvirtualization_hostdata_ontap_edgeglibccommunications_session_border_controllerenterprise_linux_desktopenterprise_communications_brokern/a
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2014-9660
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.85% / 89.32%
||
7 Day CHG~0.00%
Published-08 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before 2.5.4 does not properly handle a missing ENDCHAR record, which allows remote attackers to cause a denial of service (NULL pointer dereference) or possibly have unspecified other impact via a crafted BDF font.

Action-Not Available
Vendor-freetypen/aopenSUSERed Hat, Inc.Fedora ProjectDebian GNU/LinuxOracle CorporationCanonical Ltd.
Product-enterprise_linux_serversolarisenterprise_linux_hpc_nodefedoraopensuseenterprise_linux_hpc_node_eusubuntu_linuxenterprise_linux_desktopenterprise_linux_server_eusfreetypeenterprise_linux_workstationdebian_linuxn/a
CWE ID-CWE-476
NULL Pointer Dereference
CVE-2014-9659
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.87% / 85.98%
||
7 Day CHG~0.00%
Published-08 Feb, 2015 | 11:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cff/cf2intrp.c in the CFF CharString interpreter in FreeType before 2.5.4 proceeds with additional hints after the hint mask has been computed, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted OpenType font. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2240.

Action-Not Available
Vendor-freetypen/aopenSUSEFedora ProjectOracle CorporationCanonical Ltd.
Product-solarisfedoraopensuseubuntu_linuxfreetypen/a
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 15
  • 16
  • Next
Details not found