Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2002-0843

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Oct, 2002 | 04:00
Updated At-08 Aug, 2024 | 03:03
Rejected At-
Credits

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Oct, 2002 | 04:00
Updated At:08 Aug, 2024 | 03:03
Rejected At:
▼CVE Numbering Authority (CNA)

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.debian.org/security/2002/dsa-188
vendor-advisory
x_refsource_DEBIAN
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
vendor-advisory
x_refsource_CONECTIVA
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
x_refsource_CONFIRM
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
vendor-advisory
x_refsource_ENGARDE
http://www.securityfocus.com/bid/5996
vdb-entry
x_refsource_BID
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
vendor-advisory
x_refsource_AIXAPAR
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
vendor-advisory
x_refsource_SGI
http://online.securityfocus.com/advisories/4617
vendor-advisory
x_refsource_HP
http://www.vupen.com/english/advisories/2006/3263
vdb-entry
x_refsource_VUPEN
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
mailing-list
x_refsource_BUGTRAQ
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
vendor-advisory
x_refsource_CONECTIVA
http://www.debian.org/security/2002/dsa-187
vendor-advisory
x_refsource_DEBIAN
http://www.apacheweek.com/issues/02-10-04
x_refsource_CONFIRM
http://www.securityfocus.com/bid/5887
vdb-entry
x_refsource_BID
http://www.debian.org/security/2002/dsa-195
vendor-advisory
x_refsource_DEBIAN
http://marc.info/?l=bugtraq&m=103376585508776&w=2
mailing-list
x_refsource_BUGTRAQ
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
vendor-advisory
x_refsource_MANDRAKE
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
x_refsource_CONFIRM
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
vendor-advisory
x_refsource_CONECTIVA
http://secunia.com/advisories/21425
third-party-advisory
x_refsource_SECUNIA
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
mailing-list
x_refsource_BUGTRAQ
http://www.securityfocus.com/bid/5995
vdb-entry
x_refsource_BID
http://www.iss.net/security_center/static/10281.php
vdb-entry
x_refsource_XF
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
Hyperlink: http://www.debian.org/security/2002/dsa-188
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Resource:
vendor-advisory
x_refsource_ENGARDE
Hyperlink: http://www.securityfocus.com/bid/5996
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Resource:
vendor-advisory
x_refsource_SGI
Hyperlink: http://online.securityfocus.com/advisories/4617
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.vupen.com/english/advisories/2006/3263
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://www.debian.org/security/2002/dsa-187
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.apacheweek.com/issues/02-10-04
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/5887
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.debian.org/security/2002/dsa-195
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://marc.info/?l=bugtraq&m=103376585508776&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Resource:
vendor-advisory
x_refsource_MANDRAKE
Hyperlink: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
Resource:
x_refsource_CONFIRM
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Resource:
vendor-advisory
x_refsource_CONECTIVA
Hyperlink: http://secunia.com/advisories/21425
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Resource:
mailing-list
x_refsource_BUGTRAQ
Hyperlink: http://www.securityfocus.com/bid/5995
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.iss.net/security_center/static/10281.php
Resource:
vdb-entry
x_refsource_XF
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.debian.org/security/2002/dsa-188
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
x_refsource_CONFIRM
x_transferred
http://www.linuxsecurity.com/advisories/other_advisory-2414.html
vendor-advisory
x_refsource_ENGARDE
x_transferred
http://www.securityfocus.com/bid/5996
vdb-entry
x_refsource_BID
x_transferred
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
vendor-advisory
x_refsource_AIXAPAR
x_transferred
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
vendor-advisory
x_refsource_SGI
x_transferred
http://online.securityfocus.com/advisories/4617
vendor-advisory
x_refsource_HP
x_transferred
http://www.vupen.com/english/advisories/2006/3263
vdb-entry
x_refsource_VUPEN
x_transferred
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://www.debian.org/security/2002/dsa-187
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.apacheweek.com/issues/02-10-04
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/5887
vdb-entry
x_refsource_BID
x_transferred
http://www.debian.org/security/2002/dsa-195
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://marc.info/?l=bugtraq&m=103376585508776&w=2
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
vendor-advisory
x_refsource_MANDRAKE
x_transferred
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
x_refsource_CONFIRM
x_transferred
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
vendor-advisory
x_refsource_CONECTIVA
x_transferred
http://secunia.com/advisories/21425
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
mailing-list
x_refsource_BUGTRAQ
x_transferred
http://www.securityfocus.com/bid/5995
vdb-entry
x_refsource_BID
x_transferred
http://www.iss.net/security_center/static/10281.php
vdb-entry
x_refsource_XF
x_transferred
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://www.debian.org/security/2002/dsa-188
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Resource:
vendor-advisory
x_refsource_ENGARDE
x_transferred
Hyperlink: http://www.securityfocus.com/bid/5996
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Resource:
vendor-advisory
x_refsource_SGI
x_transferred
Hyperlink: http://online.securityfocus.com/advisories/4617
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2006/3263
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://www.debian.org/security/2002/dsa-187
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.apacheweek.com/issues/02-10-04
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/5887
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.debian.org/security/2002/dsa-195
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=103376585508776&w=2
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Resource:
vendor-advisory
x_refsource_MANDRAKE
x_transferred
Hyperlink: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Resource:
vendor-advisory
x_refsource_CONECTIVA
x_transferred
Hyperlink: http://secunia.com/advisories/21425
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Resource:
mailing-list
x_refsource_BUGTRAQ
x_transferred
Hyperlink: http://www.securityfocus.com/bid/5995
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.iss.net/security_center/static/10281.php
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:11 Oct, 2002 | 04:00
Updated At:03 Apr, 2025 | 01:03

Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 7.5
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
The Apache Software Foundation
apache
>>http_server>>1.3
cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.1
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.3
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.4
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.6
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.9
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.11
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.12
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.14
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.17
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.18
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.19
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.20
cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.22
cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.23
cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.24
cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.25
cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.26
cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_server>>1.0.2
cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_server>>1.0.2.1s
cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_server>>1.0.2.2
cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_server>>9.0.2
cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_server>>9.0.2
cpe:2.3:a:oracle:application_server:9.0.2:r2:*:*:*:*:*:*
Oracle Corporation
oracle
>>application_server>>9.0.2.1
cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>database_server>>8.1.7
cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>database_server>>9.2.2
cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>oracle8i>>8.1.7
cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>oracle8i>>8.1.7.0.0_enterprise
cpe:2.3:a:oracle:oracle8i:8.1.7.0.0_enterprise:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>oracle8i>>8.1.7.1
cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*
Oracle Corporation
oracle
>>oracle8i>>8.1.7.1.0_enterprise
cpe:2.3:a:oracle:oracle8i:8.1.7.1.0_enterprise:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
Organization : Apache
Last Modified : 2008-07-02T00:00:00

Fixed in Apache HTTP Server 1.3.27: http://httpd.apache.org/security/vulnerabilities_13.html

References
HyperlinkSourceResource
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-Icve@mitre.org
N/A
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.htmlcve@mitre.org
N/A
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.htmlcve@mitre.org
N/A
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530cve@mitre.org
N/A
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530cve@mitre.org
N/A
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530cve@mitre.org
N/A
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2cve@mitre.org
N/A
http://marc.info/?l=bugtraq&m=103376585508776&w=2cve@mitre.org
N/A
http://online.securityfocus.com/advisories/4617cve@mitre.org
N/A
http://secunia.com/advisories/21425cve@mitre.org
N/A
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=onlycve@mitre.org
N/A
http://www.apacheweek.com/issues/02-10-04cve@mitre.org
Vendor Advisory
http://www.debian.org/security/2002/dsa-187cve@mitre.org
N/A
http://www.debian.org/security/2002/dsa-188cve@mitre.org
N/A
http://www.debian.org/security/2002/dsa-195cve@mitre.org
N/A
http://www.iss.net/security_center/static/10281.phpcve@mitre.org
N/A
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.phpcve@mitre.org
N/A
http://www.linuxsecurity.com/advisories/other_advisory-2414.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/5887cve@mitre.org
N/A
http://www.securityfocus.com/bid/5995cve@mitre.org
N/A
http://www.securityfocus.com/bid/5996cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2006/3263cve@mitre.org
N/A
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871cve@mitre.org
N/A
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Ecve@mitre.org
N/A
ftp://patches.sgi.com/support/free/security/advisories/20021105-01-Iaf854a3a-2127-422b-91ae-364da2661108
N/A
http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530af854a3a-2127-422b-91ae-364da2661108
N/A
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530af854a3a-2127-422b-91ae-364da2661108
N/A
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=103376585508776&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://online.securityfocus.com/advisories/4617af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/21425af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=onlyaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.apacheweek.com/issues/02-10-04af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2002/dsa-187af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2002/dsa-188af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2002/dsa-195af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.iss.net/security_center/static/10281.phpaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.phpaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.linuxsecurity.com/advisories/other_advisory-2414.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/5887af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/5995af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/5996af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.vupen.com/english/advisories/2006/3263af854a3a-2127-422b-91ae-364da2661108
N/A
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=103376585508776&w=2
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://online.securityfocus.com/advisories/4617
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/21425
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.apacheweek.com/issues/02-10-04
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2002/dsa-187
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2002/dsa-188
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.debian.org/security/2002/dsa-195
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.iss.net/security_center/static/10281.php
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/5887
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/5995
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/5996
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/3263
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Source: cve@mitre.org
Resource: N/A
Hyperlink: ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=103376585508776&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://online.securityfocus.com/advisories/4617
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/21425
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-1.ibm.com/support/search.wss?rs=0&q=IY87070&apar=only
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.apacheweek.com/issues/02-10-04
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.debian.org/security/2002/dsa-187
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2002/dsa-188
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2002/dsa-195
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.iss.net/security_center/static/10281.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/5887
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/5995
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/5996
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2006/3263
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=2871
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

774Records found
CVE-2002-0571
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.84% / 73.70%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle9in/a
CVE-2019-0219
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-10.74% / 93.04%
||
7 Day CHG~0.00%
Published-14 Jan, 2020 | 14:18
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A website running in the InAppBrowser webview on Android could execute arbitrary JavaScript in the main application's webview using a specially crafted gap-iab: URI.

Action-Not Available
Vendor-The Apache Software FoundationOracle Corporation
Product-instantis_enterprisetrackretail_xstore_point_of_servicecordova_inappbrowserCordova
CVE-2001-1563
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.98% / 89.28%
||
7 Day CHG~0.00%
Published-14 Jul, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE identifiers.

Action-Not Available
Vendor-n/aThe Apache Software FoundationHP Inc.
Product-secure_ostomcatn/a
CVE-2002-0493
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.08%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CVE-2002-0564
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.52% / 80.50%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8iapplication_serverapplication_server_web_cacheoracle9in/a
CVE-2002-0392
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-60.12% / 98.19%
||
7 Day CHG~0.00%
Published-02 Apr, 2003 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.

Action-Not Available
Vendor-n/aDebian GNU/LinuxThe Apache Software Foundation
Product-debian_linuxhttp_servern/a
CVE-2002-0655
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.61% / 68.72%
||
7 Day CHG~0.00%
Published-31 Jul, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.

Action-Not Available
Vendor-n/aOpenSSLOracle CorporationApple Inc.
Product-http_serverapplication_serveropensslcorporate_time_outlook_connectormac_os_xn/a
CVE-2002-0257
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.88% / 87.78%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.

Action-Not Available
Vendor-usanet_creationsn/aThe Apache Software Foundation
Product-makebid_auction_deluxehttp_servern/a
CVE-2016-5841
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-22.99% / 95.69%
||
7 Day CHG~0.00%
Published-13 Dec, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 allows remote attackers to cause a denial of service (segmentation fault) or possibly execute arbitrary code via vectors involving the offset variable.

Action-Not Available
Vendor-n/aImageMagick Studio LLCOracle Corporation
Product-imagemagicksolarisn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2001-1453
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.66% / 93.40%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier allows remote attackers to execute arbitrary code via a long host parameter.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mysqln/a
CVE-2001-1449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-5.09% / 89.41%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.

Action-Not Available
Vendor-n/aThe Apache Software FoundationMandriva (Mandrakesoft)
Product-mandrake_single_network_firewallhttp_servermandrake_linux_corporate_servermandrake_linuxn/a
CVE-2002-0858
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.40% / 59.76%
||
7 Day CHG~0.00%
Published-20 Aug, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8ioracle9in/a
CVE-2001-1454
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-11.85% / 93.47%
||
7 Day CHG~0.00%
Published-21 Apr, 2005 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in MySQL before 3.23.33 allows remote attackers to execute arbitrary code via a long drop database request.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mysqln/a
CVE-2002-0559
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-26.41% / 96.12%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8iapplication_serverapplication_server_web_cacheoracle9in/a
CVE-2002-0661
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-86.27% / 99.36%
||
7 Day CHG~0.00%
Published-10 Aug, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-http_servern/a
CVE-2002-0561
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-6.96% / 91.06%
||
7 Day CHG~0.00%
Published-11 Jun, 2002 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.

Action-Not Available
Vendor-n/aOracle Corporation
Product-oracle8iapplication_serverapplication_server_web_cacheoracle9in/a
CVE-2001-0419
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-14.52% / 94.19%
||
7 Day CHG~0.00%
Published-24 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2016-5254
Matching Score-8
Assigner-Mozilla Corporation
ShareView Details
Matching Score-8
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.89% / 74.61%
||
7 Day CHG~0.00%
Published-05 Aug, 2016 | 01:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of service (heap memory corruption and application crash) by leveraging keyboard access to use the Alt key during selection of top-level menu items.

Action-Not Available
Vendor-n/aMozilla CorporationOracle Corporation
Product-firefoxlinuxn/a
CWE ID-CWE-416
Use After Free
CVE-2011-3556
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-89.14% / 99.51%
||
7 Day CHG~0.00%
Published-19 Oct, 2011 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to RMI, a different vulnerability than CVE-2011-3557.

Action-Not Available
Vendor-n/aOracle CorporationSun Microsystems (Oracle Corporation)
Product-jdkjrejrockitn/a
CVE-2011-3190
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.87% / 74.28%
||
7 Day CHG~0.00%
Published-31 Aug, 2011 | 23:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 through 7.0.20, 6.0.0 through 6.0.33, 5.5.0 through 5.5.33, and possibly other versions allow remote attackers to spoof AJP requests, bypass authentication, and obtain sensitive information by causing the connector to interpret a request body as a new request.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CVE-2019-0189
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-30.51% / 96.55%
||
7 Day CHG~0.00%
Published-11 Sep, 2019 | 20:29
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The java.io.ObjectInputStream is known to cause Java serialisation issues. This issue here is exposed by the "webtools/control/httpService" URL, and uses Java deserialization to perform code execution. In the HttpEngine, the value of the request parameter "serviceContext" is passed to the "deserialize" method of "XmlSerializer". Apache Ofbiz is affected via two different dependencies: "commons-beanutils" and an out-dated version of "commons-fileupload" Mitigation: Upgrade to 16.11.06 or manually apply the commits from OFBIZ-10770 and OFBIZ-10837 on branch 16

Action-Not Available
Vendor-The Apache Software Foundation
Product-ofbizOFBiz
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2001-0766
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-13.81% / 94.03%
||
7 Day CHG~0.00%
Published-12 Oct, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache on MacOS X Client 10.0.3 with the HFS+ file system allows remote attackers to bypass access restrictions via a URL that contains some characters whose case is not matched by Apache's filters.

Action-Not Available
Vendor-n/aThe Apache Software FoundationApple Inc.
Product-mac_os_xhttp_servern/a
CWE ID-CWE-178
Improper Handling of Case Sensitivity
CVE-2019-0230
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-93.84% / 99.86%
||
7 Day CHG~0.00%
Published-14 Sep, 2020 | 16:41
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-financial_services_data_integration_hubstrutsmysql_enterprise_monitorfinancial_services_market_risk_measurement_and_managementcommunications_policy_managementApache Struts
CWE ID-CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CVE-2016-5535
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-3.55% / 87.23%
||
7 Day CHG~0.00%
Published-25 Oct, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-weblogic_servern/a
CVE-2001-1216
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-4.70% / 88.93%
||
7 Day CHG~0.00%
Published-15 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_servern/a
CVE-2019-0192
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-93.43% / 99.81%
||
7 Day CHG~0.00%
Published-07 Mar, 2019 | 21:00
Updated-16 Sep, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Solr versions 5.0.0 to 5.5.5 and 6.0.0 to 6.6.5, the Config API allows to configure the JMX server via an HTTP POST request. By pointing it to a malicious RMI server, an attacker could take advantage of Solr's unsafe deserialization to trigger remote code execution on the Solr side.

Action-Not Available
Vendor-NetApp, Inc.The Apache Software Foundation
Product-solrstorage_automation_storeApache Solr
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2001-0836
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-21.19% / 95.45%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.

Action-Not Available
Vendor-n/aOracle Corporation
Product-application_server_web_cachen/a
CVE-2019-0228
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-7.83% / 91.62%
||
7 Day CHG~0.00%
Published-17 Apr, 2019 | 14:07
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity (XXE) attacks via a crafted XFDF.

Action-Not Available
Vendor-n/aThe Apache Software FoundationFedora ProjectOracle Corporation
Product-banking_trade_finance_process_managementpeoplesoft_enterprise_peopletoolsbanking_supply_chain_financepdfboxcommunications_messaging_serverhyperion_financial_reportingfedoraretail_xstore_point_of_servicejamesbanking_corporate_lending_process_managementcommunications_session_report_managerwebcenter_sitesbanking_credit_facilities_process_managementbanking_virtual_account_managementApache PDFBox
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2016-4460
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.09% / 26.12%
||
7 Day CHG~0.00%
Published-22 Aug, 2017 | 18:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass authentication.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-pony_mailn/a
CWE ID-CWE-287
Improper Authentication
CVE-2018-8013
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.98% / 75.82%
||
7 Day CHG~0.00%
Published-24 May, 2018 | 16:00
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software FoundationDebian GNU/LinuxOracle Corporation
Product-communications_diameter_signaling_routerubuntu_linuxcommunications_metasolv_solutionretail_central_officeenterprise_repositoryretail_back_officebusiness_intelligenceretail_integration_busretail_returns_managementbatikretail_point-of-servicecommunications_webrtc_session_controllerdebian_linuxinsurance_policy_administration_j2eeretail_order_brokerfinancial_services_analytical_applications_infrastructureinstantis_enterprisetrackfusion_middleware_mapviewerinsurance_calculation_enginejd_edwards_enterpriseone_toolsdata_integratorApache Batik
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2010-2076
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-7.83% / 91.61%
||
7 Day CHG~0.00%
Published-19 Aug, 2010 | 17:43
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before 2.2.9, as used in Apache ServiceMix, Apache Camel, Apache Chemistry, Apache jUDDI, Apache Geronimo, and other products, does not properly reject DTDs in SOAP messages, which allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via a crafted DTD, as demonstrated by an entity declaration in a request to samples/wsdl_first_pure_xml, a similar issue to CVE-2010-1632.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-cxfn/a
CWE ID-CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2018-8088
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.84% / 73.69%
||
7 Day CHG~0.00%
Published-20 Mar, 2018 | 00:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before 1.8.0-beta2 allows remote attackers to bypass intended access restrictions via crafted data. EventData in the slf4j-ext module in QOS.CH SLF4J, has been fixed in SLF4J versions 1.7.26 later and in the 2.0.x series.

Action-Not Available
Vendor-qosn/aOracle CorporationRed Hat, Inc.
Product-enterprise_linux_servervirtualizationenterprise_linux_server_ausenterprise_linux_workstationenterprise_linuxvirtualization_hostslf4jgoldengate_stream_analyticsenterprise_linux_eusgoldengate_application_adaptersenterprise_linux_server_tusjboss_enterprise_application_platformenterprise_linux_desktoputilities_frameworkn/a
CVE-2011-2299
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.66% / 70.10%
||
7 Day CHG~0.00%
Published-21 Jul, 2011 | 00:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Oracle SPARC Enterprise M3000, M4000, M5000, M8000, and M9000 XCP 1101 and earlier allows remote attackers to affect confidentiality, integrity, and availability, related to XSCF Control Package (XCP).

Action-Not Available
Vendor-n/aOracle Corporation
Product-xcpsparc_enterprise_m8000_serversparc_enterprise_m5000_serversparc_enterprise_m9000_serversparc_enterprise_m3000_serversparc_enterprise_m4000_servern/a
CVE-1999-1547
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.55% / 66.75%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Oracle Web Listener 2.1 allows remote attackers to bypass access restrictions by replacing a character in the URL with its HTTP-encoded (hex) equivalent.

Action-Not Available
Vendor-n/aOracle Corporation
Product-web_listenern/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24112
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-94.34% / 99.95%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 12:20
Updated-30 Jul, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-09-15||Apply updates per vendor instructions.
apisix/batch-requests plugin allows overwriting the X-REAL-IP header

An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of Admin API. A default configuration of Apache APISIX (with default API key) is vulnerable to remote code execution. When the admin key was changed or the port of Admin API was changed to a port different from the data panel, the impact is lower. But there is still a risk to bypass the IP restriction of Apache APISIX's data panel. There is a check in the batch-requests plugin which overrides the client IP with its real remote IP. But due to a bug in the code, this check can be bypassed.

Action-Not Available
Vendor-The Apache Software Foundation
Product-apisixApache APISIXAPISIX
CWE ID-CWE-290
Authentication Bypass by Spoofing
CVE-2016-4436
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-6.12% / 90.42%
||
7 Day CHG~0.00%
Published-03 Oct, 2016 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers to have unspecified impact via vectors related to improper action name clean up.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-strutsn/a
CVE-2000-0148
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.41%
||
7 Day CHG~0.00%
Published-22 Mar, 2000 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.

Action-Not Available
Vendor-n/aOracle Corporation
Product-mysqln/a
CVE-2018-8014
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-53.87% / 97.91%
||
7 Day CHG~0.00%
Published-16 May, 2018 | 16:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The defaults settings for the CORS filter provided in Apache Tomcat 9.0.0.M1 to 9.0.8, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, 7.0.41 to 7.0.88 are insecure and enable 'supportsCredentials' for all origins. It is expected that users of the CORS filter will have configured it appropriately for their environment rather than using it in the default configuration. Therefore, it is expected that most users will not be impacted by this issue.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software FoundationNetApp, Inc.Microsoft CorporationDebian GNU/Linux
Product-ubuntu_linuxdebian_linuxsnapcenter_serverstorage_automation_storewindowstomcatoncommand_workflow_automationoncommand_unified_manageroncommand_insightApache Tomcat
CWE ID-CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2018-8027
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-2.97% / 85.96%
||
7 Day CHG~0.00%
Published-31 Jul, 2018 | 13:00
Updated-16 Sep, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Camel 2.20.0 to 2.20.3 and 2.21.0 Core is vulnerable to XXE in XSD validation processor.

Action-Not Available
Vendor-The Apache Software Foundation
Product-camelApache Camel
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-9019
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-2.00% / 82.88%
||
7 Day CHG~0.00%
Published-22 May, 2018 | 20:00
Updated-05 Aug, 2024 | 07:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to /accountancy/admin/accountmodel.php, /accountancy/admin/categories_list.php, /accountancy/admin/journals_list.php, /admin/dict.php, /admin/mails_templates.php, or /admin/website.php.

Action-Not Available
Vendor-n/aDolibarr ERP & CRMOracle Corporation
Product-dolibarrdata_integratorn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2018-8021
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-78.27% / 98.98%
||
7 Day CHG~0.00%
Published-07 Nov, 2018 | 14:00
Updated-05 Aug, 2024 | 06:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Versions of Superset prior to 0.23 used an unsafe load method from the pickle library to deserialize data leading to possible remote code execution. Note Superset 0.23 was released prior to any Superset release under the Apache Software Foundation.

Action-Not Available
Vendor-unspecifiedThe Apache Software Foundation
Product-supersetSuperset
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-1999-1053
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-86.23% / 99.36%
||
7 Day CHG~0.00%
Published-12 Sep, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".

Action-Not Available
Vendor-matt_wrightn/aThe Apache Software Foundation
Product-matt_wright_guestbookhttp_servern/a
CVE-2010-2390
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-1.01% / 76.13%
||
7 Day CHG~0.00%
Published-13 Oct, 2010 | 22:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Database Control component in EM Console in Oracle Database Server 10.1.0.5 and 10.2.0.3, Oracle Fusion Middleware 10.1.2.3 and 10.1.4.3, and Enterprise Manager Grid Control allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.

Action-Not Available
Vendor-n/aOracle Corporation
Product-database_serverenterprise_manager_grid_controlfusion_middlewaren/a
CVE-2016-3504
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-0.91% / 74.87%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to ADF Faces.

Action-Not Available
Vendor-n/aOracle Corporation
Product-jdevelopern/a
CVE-2010-0840
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-9.8||CRITICAL
EPSS-92.55% / 99.73%
||
7 Day CHG~0.00%
Published-01 Apr, 2010 | 16:00
Updated-30 Jul, 2025 | 01:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-06-15||Apply updates per vendor instructions.

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."

Action-Not Available
Vendor-n/aopenSUSEOracle CorporationCanonical Ltd.
Product-ubuntu_linuxopensusejren/aJava Runtime Environment (JRE)
CVE-2016-3446
Matching Score-8
Assigner-Oracle
ShareView Details
Matching Score-8
Assigner-Oracle
CVSS Score-8.3||HIGH
EPSS-0.56% / 67.13%
||
7 Day CHG~0.00%
Published-21 Jul, 2016 | 10:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in the Oracle Business Intelligence Enterprise Edition component in Oracle Fusion Middleware 11.1.1.7.0 and 11.1.1.9.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Analytics Web Administration.

Action-Not Available
Vendor-n/aOracle Corporation
Product-business_intelligencen/a
CVE-1999-0071
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.15% / 83.56%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-http_servern/a
CVE-2016-2170
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-9.8||CRITICAL
EPSS-14.91% / 94.28%
||
7 Day CHG~0.00%
Published-12 Apr, 2016 | 14:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-ofbizn/a
CWE ID-CWE-20
Improper Input Validation
CVE-1999-0045
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-9.80% / 92.66%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

List of arbitrary files on Web host via nph-test-cgi script.

Action-Not Available
Vendor-n/aNetscape (Yahoo Inc.)The Apache Software Foundation
Product-communications_servercommerce_serverenterprise_serverhttp_servern/a
CVE-2018-8016
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 69.65%
||
7 Day CHG~0.00%
Published-28 Jun, 2018 | 16:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of CVE-2015-0225. The regression was introduced in https://issues.apache.org/jira/browse/CASSANDRA-12109. The fix for the regression is implemented in https://issues.apache.org/jira/browse/CASSANDRA-14173. This fix is contained in the 3.11.2 release of Apache Cassandra.

Action-Not Available
Vendor-The Apache Software Foundation
Product-cassandraApache Cassandra
CWE ID-CWE-306
Missing Authentication for Critical Function
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 15
  • 16
  • Next
Details not found