CVEs and Security Vulnerabilities CVEs and Security Vulnerabilities

Filtered by vendor Oracle Subscriptions

Filtered by product Application Server Subscriptions

Total 199 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2006-5361	1 Oracle	2 Application Server, Collaboration Suite	2025-04-09	N/A
Unspecified vulnerability in Oracle Containers for J2EE in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.1, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors, aka Vuln# OC4J03.
CVE-2006-5362	1 Oracle	1 Application Server	2025-04-09	N/A
Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 10.1.3.0.0 has unknown impact and remote attack vectors, aka Vuln# OC4J04.
CVE-2002-0563	1 Oracle	4 Application Server, Application Server Web Cache, Oracle8i and 1 more	2025-04-03	N/A
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
CVE-2006-3706	1 Oracle	1 Application Server	2025-04-03	N/A
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 has unknown impact and attack vectors, aka Oracle Vuln# AS01.
CVE-2006-3707	1 Oracle	1 Application Server	2025-04-03	N/A
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3 and 9.0.3.1 has unknown impact and attack vectors, aka Oracle Vuln# AS02.
CVE-2006-3711	1 Oracle	1 Application Server	2025-04-03	N/A
Unspecified vulnerability in OC4J for Oracle Application Server 9.0.2.3, 9.0.3.1, and 9.0.4.1 has unknown impact and attack vectors, aka Oracle Vuln# AS06.
CVE-2002-1631	1 Oracle	1 Application Server	2025-04-03	N/A
SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter.
CVE-2002-1632	1 Oracle	1 Application Server	2025-04-03	N/A
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.
CVE-2002-1635	1 Oracle	1 Application Server	2025-04-03	N/A
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
CVE-2006-3714	1 Oracle	1 Application Server	2025-04-03	N/A
Unspecified vulnerability in OC4J for Oracle Application Server 10.1.2.0.2 and 10.1.2.1 has unknown impact and attack vectors, aka Oracle Vuln# AS10.
CVE-2001-0419	1 Oracle	1 Application Server	2025-04-03	N/A
Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.
CVE-2002-0842	1 Oracle	1 Application Server	2025-04-03	N/A
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror().
CVE-2002-0566	1 Oracle	4 Application Server, Application Server Web Cache, Oracle8i and 1 more	2025-04-03	N/A
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.
CVE-2002-1630	1 Oracle	1 Application Server	2025-04-03	N/A
The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails.
CVE-2005-3446	1 Oracle	2 Application Server, Database Server	2025-04-03	N/A
Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0 has unknown impact and attack vectors, aka Oracle Vuln# DB32 and AS06.
CVE-2005-3448	1 Oracle	1 Application Server	2025-04-03	N/A
Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01.
CVE-2005-3449	1 Oracle	1 Application Server	2025-04-03	N/A
Multiple unspecified vulnerabilities in Oracle Application Server 9.0 up to 10.1.2.0 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS02 in Containers for J2EE, (2) AS07 in Internet Directory, (3) AS09 in Report Server, and (4) AS11 in Web Cache.
CVE-2005-3451	1 Oracle	1 Application Server	2025-04-03	N/A
Unspecified vulnerability in SQL*ReportWriter in Oracle Application Server 9.0 up to 9.0.2.1 has unknown impact and attack vectors, as identified by Oracle Vuln# AS10.
CVE-2005-3453	1 Oracle	1 Application Server	2025-04-03	N/A
Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 has unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS12 and (2) AS14.
CVE-2005-3445	1 Oracle	2 Application Server, Database Server	2025-04-03	N/A
Multiple unspecified vulnerabilities in HTTP Server in Oracle Database Server 8i up to 10.1.0.4.2 and Application Server 1.0.2.2 up to 10.1.2.0 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB30 and AS03 or (2) DB31 and AS05.

« first previous Page 6 of 10. next last »