Total
103 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-2952 | 1 Oracle | 1 Http Server | 2020-04-16 | 6.4 MEDIUM | 6.5 MEDIUM |
| Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle HTTP Server accessible data as well as unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.0 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N). | |||||
| CVE-2018-2760 | 1 Oracle | 1 Http Server | 2019-10-03 | 4.3 MEDIUM | 5.9 MEDIUM |
| Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: OSSL Module). Supported versions that are affected are 12.1.3 and 12.2.1.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HTTP Server accessible data. CVSS 3.0 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N). | |||||
| CVE-2006-0435 | 1 Oracle | 2 Application Server, Http Server | 2018-10-19 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. | |||||
| CVE-2006-5350 | 1 Oracle | 2 E-business Suite, Http Server | 2018-10-17 | 7.2 HIGH | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and local attack vectors, aka Vuln# OHS08. | |||||
| CVE-2006-5354 | 1 Oracle | 4 Application Server, Collaboration Suite, E-business Suite and 1 more | 2018-10-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0, racle Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# OHS06. | |||||
| CVE-2006-5347 | 1 Oracle | 1 Http Server | 2018-10-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle Collaboration Suite 9.0.4.2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS04. | |||||
| CVE-2006-5348 | 1 Oracle | 3 Collaboration Suite, E-business Suite, Http Server | 2018-10-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle Collaboration Suite 9.0.4.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS05. | |||||
| CVE-2006-5349 | 1 Oracle | 1 Http Server | 2018-10-17 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running on HP Tru64 UNIX, has unknown impact and remote attack vectors related to HTTPS and SSL, aka Vuln# OHS07. | |||||
| CVE-2006-5346 | 1 Oracle | 3 Collaboration Suite, E-business Suite, Http Server | 2018-10-17 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in Oracle Collaboration Suite 9.0.4.2 and Oracle E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors related to htdigest, aka Vuln# OHS02. | |||||
| CVE-2018-2561 | 1 Oracle | 1 Http Server | 2018-01-25 | 5.0 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle HTTP Server component of Oracle Fusion Middleware (subcomponent: Web Listener). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle HTTP Server. CVSS 3.0 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2016-3482 | 1 Oracle | 1 Http Server | 2017-09-01 | 5.0 MEDIUM | 3.7 LOW |
| Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.9 and 12.1.3.0 allows remote attackers to affect confidentiality via vectors related to SSL/TLS Module. | |||||
| CVE-2007-0281 | 1 Oracle | 3 Application Server, Collaboration Suite, Http Server | 2017-07-29 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04. | |||||
| CVE-2007-0279 | 1 Oracle | 2 E-business Suite, Http Server | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and Oracle E-Business Suite and Applications 11.5.10CU2 have unknown impact and attack vectors, aka (1) OHS01, (2) OHS02, (3) OHS05, (4) OHS06, and (5) OHS07. | |||||
| CVE-2007-0282 | 1 Oracle | 3 Application Server, Collaboration Suite, Http Server | 2017-07-29 | 3.2 LOW | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02. | |||||
| CVE-2007-0280 | 1 Oracle | 3 Application Server, Collaboration Suite, Http Server | 2017-07-29 | 7.5 HIGH | N/A |
| Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.2, and 10.1.2.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN01. NOTE: as of 20070123, Oracle has not disputed claims by a reliable researcher that OPMN01 is for a buffer overflow in Oracle Notification Service (ONS). | |||||
| CVE-2004-2115 | 1 Oracle | 1 Http Server | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request. | |||||
| CVE-2004-1877 | 1 Oracle | 2 Application Server, Http Server | 2017-07-11 | 2.6 LOW | N/A |
| The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password. | |||||
| CVE-2016-0671 | 1 Oracle | 1 Http Server | 2016-12-03 | 2.6 LOW | 3.7 LOW |
| Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 12.1.2.0 allows remote attackers to affect confidentiality via vectors related to OSSL Module. | |||||
| CVE-1999-1125 | 1 Oracle | 1 Http Server | 2016-10-18 | 10.0 HIGH | N/A |
| Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file. | |||||
| CVE-1999-1068 | 1 Oracle | 1 Http Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request. | |||||