Search criteria
18 vulnerabilities found for application_server_portal by oracle
FKIE_CVE-2008-2138
Vulnerability from fkie_nvd - Published: 2008-05-12 16:20 - Updated: 2025-04-09 00:30
Severity ?
Summary
Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server_portal | 10g |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:10g:*:*:*:*:*:*:*",
"matchCriteriaId": "AA321251-DA7D-4D75-97FB-08EB405152AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing \"%0A\" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report."
},
{
"lang": "es",
"value": "Oracle Application Server (OracleAS) Portal 10g permite a atacantes remotos evitar las restricciones de acceso previstas y leer los contenidos de /dav_portal/portal/ mediante una petici\u00f3n que contiene un rastro \"%0A\" (avance de l\u00ednea codificado) y utilizando a continuaci\u00f3n el ID de sesi\u00f3n que se genera de esa petici\u00f3n. NOTA: a fecha del 12-05-2008, Oracle no ha comentado la exactitud de este repote"
}
],
"id": "CVE-2008-2138",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-05-12T16:20:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30140"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3867"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/491865/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/29119"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020034"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42302"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30140"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/491865/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/29119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42302"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-1506
Vulnerability from fkie_nvd - Published: 2007-03-19 22:19 - Updated: 2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server_portal | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6A5BDCC2-A803-473F-A1A7-3E54FE0CA786",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en PORTAL.wwv_main.render_warning_screen en Oracle Portal 10g permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) p_oldurl y (2) p_newurl."
}
],
"id": "CVE-2007-1506",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-03-19T22:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/34299"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2463"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/463012/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/22999"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/34299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/463012/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/22999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33028"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-6699
Vulnerability from fkie_nvd - Published: 2006-12-23 01:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server_portal | 9.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15B503FB-F1E6-4A2D-BD4C-1BEE89DE1B53",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SRLF en Oracle Portal 9.0.2 y posiblemente otras versiones permiten a un atacante remoto inyectar cabeceras HTTP de su elecci\u00f3n y conducir respuestas HTTP diviendo los ataques a trav\u00e9s de secuencias CRLF en el par\u00e1metro enc a (1) calendarDialog.jsp o (2) fred.jsp. NOTA: el vector calendar.jsp est\u00e1 cubierto por CVE-2006-6697."
}
],
"id": "CVE-2006-6699",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-23T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2006-6697
Vulnerability from fkie_nvd - Published: 2006-12-22 02:28 - Updated: 2025-04-09 00:30
Severity ?
Summary
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server_portal | 9.0.2 | |
| oracle | application_server_portal | 10g |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "15B503FB-F1E6-4A2D-BD4C-1BEE89DE1B53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:10g:*:*:*:*:*:*:*",
"matchCriteriaId": "AA321251-DA7D-4D75-97FB-08EB405152AE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n de CRLF en webapp/jsp/calendar.jsp en Oracle Portal 10g y anteriores, incluyendo 9.0.2, permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de fragmentaci\u00f3n de respuestas HTTP mediante secuencias CRLF en el par\u00e1metro enc, posiblemente involucrando codificaci\u00f3n iso-8859-1."
}
],
"id": "CVE-2006-6697",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-22T02:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=116664018702238\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=full-disclosure\u0026m=116666155824901\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23461"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/2057"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/454945/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/454965/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21686"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/5124"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=116664018702238\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=full-disclosure\u0026m=116666155824901\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/2057"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/454945/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/454965/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/5124"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2004-1707
Vulnerability from fkie_nvd - Published: 2004-07-30 04:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6F28FD-6EAD-4EDD-B9A1-0B120D0F0919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C0160E00-D722-40CE-976C-77CB91C1B94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:3.0.9.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB7896F-B5E6-4182-85F0-11A04A16F961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEBABBB-DC11-4A8B-8C8A-A05D144F11A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5E7916-B077-4EE8-AD9E-FA118019E035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "F03E1EB3-EB24-4A18-9DA1-AB6243C48221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E33A069-8301-4AD5-BDD3-8371DA394EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C87F621-3405-4754-8112-87078CDC2554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC67B4E-CCFE-4ACB-B3FF-7A6133219F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "99255D3E-41FF-4D2F-A11B-9563997F4110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0."
}
],
"id": "CVE-2004-1707",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-07-30T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12205"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10829"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2003-1193
Vulnerability from fkie_nvd - Published: 2003-11-03 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server_portal | 3.0.9.8.5 | |
| oracle | application_server_portal | 9.0.2.3 | |
| oracle | application_server_portal | 9.0.2.3a | |
| oracle | application_server_portal | 9.0.2.3b | |
| oracle | oracle9i | 9.0.2 | |
| oracle | oracle9i | 9.0.2.0.0 | |
| oracle | oracle9i | 9.0.2.0.1 | |
| oracle | oracle9i | 9.0.2.1 | |
| oracle | oracle9i | 9.0.2.2 | |
| oracle | oracle9i | 9.0.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:3.0.9.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB7896F-B5E6-4182-85F0-11A04A16F961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEBABBB-DC11-4A8B-8C8A-A05D144F11A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5E7916-B077-4EE8-AD9E-FA118019E035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "F03E1EB3-EB24-4A18-9DA1-AB6243C48221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED7598BA-C4F9-46C7-A90D-F80697EA9E4A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D52D7F1A-7ADF-439B-9FF6-BF0D18CEF3A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BBAA75E1-6ED1-400E-9BBE-1890D7D0FA28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0D24685E-293E-4292-A7FC-E463723FFA9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0A1207BD-F50A-4E5E-89E8-E016AF356149",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL."
}
],
"id": "CVE-2003-1193",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-11-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/343520"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8966"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/343520"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8966"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-2138 (GCVE-0-2008-2138)
Vulnerability from cvelistv5 – Published: 2008-05-12 16:00 – Updated: 2024-08-07 08:49
VLAI?
Summary
Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:58.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3867",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3867"
},
{
"name": "oracle-aps-cookie-auth-bypass(42302)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42302"
},
{
"name": "20080509 Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491865/100/0/threaded"
},
{
"name": "1020034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020034"
},
{
"name": "30140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30140"
},
{
"name": "29119",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing \"%0A\" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3867",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3867"
},
{
"name": "oracle-aps-cookie-auth-bypass(42302)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42302"
},
{
"name": "20080509 Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/491865/100/0/threaded"
},
{
"name": "1020034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020034"
},
{
"name": "30140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30140"
},
{
"name": "29119",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing \"%0A\" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3867",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3867"
},
{
"name": "oracle-aps-cookie-auth-bypass(42302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42302"
},
{
"name": "20080509 Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491865/100/0/threaded"
},
{
"name": "1020034",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020034"
},
{
"name": "30140",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30140"
},
{
"name": "29119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2138",
"datePublished": "2008-05-12T16:00:00",
"dateReserved": "2008-05-12T00:00:00",
"dateUpdated": "2024-08-07T08:49:58.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1506 (GCVE-0-2007-1506)
Vulnerability from cvelistv5 – Published: 2007-03-19 22:00 – Updated: 2024-08-07 12:59
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070316 Oracle Portal PORTAL.wwv_main.render_warning_screen XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463012/100/0/threaded"
},
{
"name": "2463",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2463"
},
{
"name": "oracleportal-portalwarning-xss(33028)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33028"
},
{
"name": "34299",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34299"
},
{
"name": "22999",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070316 Oracle Portal PORTAL.wwv_main.render_warning_screen XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463012/100/0/threaded"
},
{
"name": "2463",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2463"
},
{
"name": "oracleportal-portalwarning-xss(33028)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33028"
},
{
"name": "34299",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34299"
},
{
"name": "22999",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070316 Oracle Portal PORTAL.wwv_main.render_warning_screen XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463012/100/0/threaded"
},
{
"name": "2463",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2463"
},
{
"name": "oracleportal-portalwarning-xss(33028)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33028"
},
{
"name": "34299",
"refsource": "OSVDB",
"url": "http://osvdb.org/34299"
},
{
"name": "22999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1506",
"datePublished": "2007-03-19T22:00:00",
"dateReserved": "2007-03-19T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6699 (GCVE-0-2006-6699)
Vulnerability from cvelistv5 – Published: 2006-12-23 01:00 – Updated: 2024-08-07 20:33
VLAI?
Summary
Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061221 Re: Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061221 Re: Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061221 Re: Oracle Portal 10g HTTP Response Splitting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6699",
"datePublished": "2006-12-23T01:00:00",
"dateReserved": "2006-12-22T00:00:00",
"dateUpdated": "2024-08-07T20:33:59.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6697 (GCVE-0-2006-6697)
Vulnerability from cvelistv5 – Published: 2006-12-22 02:00 – Updated: 2024-08-07 20:33
VLAI?
Summary
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2057",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2057"
},
{
"name": "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454965/100/0/threaded"
},
{
"name": "20061220 Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=116664018702238\u0026w=2"
},
{
"name": "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=116666155824901\u0026w=2"
},
{
"name": "23461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23461"
},
{
"name": "20061221 Re: Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
},
{
"name": "ADV-2006-5124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5124"
},
{
"name": "21686",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21686"
},
{
"name": "20061220 Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454945/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2057",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2057"
},
{
"name": "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/454965/100/0/threaded"
},
{
"name": "20061220 Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=116664018702238\u0026w=2"
},
{
"name": "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=116666155824901\u0026w=2"
},
{
"name": "23461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23461"
},
{
"name": "20061221 Re: Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
},
{
"name": "ADV-2006-5124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5124"
},
{
"name": "21686",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21686"
},
{
"name": "20061220 Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/454945/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2057",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2057"
},
{
"name": "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454965/100/0/threaded"
},
{
"name": "20061220 Oracle Portal 10g HTTP Response Splitting",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=116664018702238\u0026w=2"
},
{
"name": "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=116666155824901\u0026w=2"
},
{
"name": "23461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23461"
},
{
"name": "20061221 Re: Oracle Portal 10g HTTP Response Splitting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
},
{
"name": "ADV-2006-5124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5124"
},
{
"name": "21686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21686"
},
{
"name": "20061220 Oracle Portal 10g HTTP Response Splitting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454945/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6697",
"datePublished": "2006-12-22T02:00:00",
"dateReserved": "2006-12-21T00:00:00",
"dateUpdated": "2024-08-07T20:33:59.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1193 (GCVE-0-2003-1193)
Vulnerability from cvelistv5 – Published: 2005-05-10 04:00 – Updated: 2024-08-08 02:19
VLAI?
Summary
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:46.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
},
{
"name": "20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/343520"
},
{
"name": "oracle-portal-sql-injection(13593)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
},
{
"name": "8966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8966"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
},
{
"name": "20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/343520"
},
{
"name": "oracle-portal-sql-injection(13593)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
},
{
"name": "8966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8966"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
},
{
"name": "20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/343520"
},
{
"name": "oracle-portal-sql-injection(13593)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
},
{
"name": "8966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8966"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1193",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T02:19:46.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1707 (GCVE-0-2004-1707)
Vulnerability from cvelistv5 – Published: 2005-02-26 05:00 – Updated: 2024-08-08 01:00
VLAI?
Summary
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12205"
},
{
"name": "oracle-libraries-gain-privileges(16839)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"name": "10829",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10829"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12205"
},
{
"name": "oracle-libraries-gain-privileges(16839)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"name": "10829",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10829"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12205"
},
{
"name": "oracle-libraries-gain-privileges(16839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"name": "10829",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10829"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1707",
"datePublished": "2005-02-26T05:00:00",
"dateReserved": "2005-02-26T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2138 (GCVE-0-2008-2138)
Vulnerability from nvd – Published: 2008-05-12 16:00 – Updated: 2024-08-07 08:49
VLAI?
Summary
Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing "%0A" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:49:58.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3867",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3867"
},
{
"name": "oracle-aps-cookie-auth-bypass(42302)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42302"
},
{
"name": "20080509 Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/491865/100/0/threaded"
},
{
"name": "1020034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020034"
},
{
"name": "30140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30140"
},
{
"name": "29119",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-05-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing \"%0A\" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3867",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3867"
},
{
"name": "oracle-aps-cookie-auth-bypass(42302)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42302"
},
{
"name": "20080509 Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/491865/100/0/threaded"
},
{
"name": "1020034",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020034"
},
{
"name": "30140",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30140"
},
{
"name": "29119",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2138",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle Application Server (OracleAS) Portal 10g allows remote attackers to bypass intended access restrictions and read the contents of /dav_portal/portal/ by sending a request containing a trailing \"%0A\" (encoded line feed), then using the session ID that is generated from that request. NOTE: as of 20080512, Oracle has not commented on the accuracy of this report."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3867",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3867"
},
{
"name": "oracle-aps-cookie-auth-bypass(42302)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42302"
},
{
"name": "20080509 Oracle Application Server 10G ORA_DAV Basic Authentication Bypass Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/491865/100/0/threaded"
},
{
"name": "1020034",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020034"
},
{
"name": "30140",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30140"
},
{
"name": "29119",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2138",
"datePublished": "2008-05-12T16:00:00",
"dateReserved": "2008-05-12T00:00:00",
"dateUpdated": "2024-08-07T08:49:58.493Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1506 (GCVE-0-2007-1506)
Vulnerability from nvd – Published: 2007-03-19 22:00 – Updated: 2024-08-07 12:59
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:59:08.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20070316 Oracle Portal PORTAL.wwv_main.render_warning_screen XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/463012/100/0/threaded"
},
{
"name": "2463",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2463"
},
{
"name": "oracleportal-portalwarning-xss(33028)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33028"
},
{
"name": "34299",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34299"
},
{
"name": "22999",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22999"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-03-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20070316 Oracle Portal PORTAL.wwv_main.render_warning_screen XSS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/463012/100/0/threaded"
},
{
"name": "2463",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2463"
},
{
"name": "oracleportal-portalwarning-xss(33028)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33028"
},
{
"name": "34299",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34299"
},
{
"name": "22999",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22999"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1506",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in PORTAL.wwv_main.render_warning_screen in the Oracle Portal 10g allows remote attackers to inject arbitrary web script or HTML via the (1) p_oldurl and (2) p_newurl parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20070316 Oracle Portal PORTAL.wwv_main.render_warning_screen XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/463012/100/0/threaded"
},
{
"name": "2463",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2463"
},
{
"name": "oracleportal-portalwarning-xss(33028)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33028"
},
{
"name": "34299",
"refsource": "OSVDB",
"url": "http://osvdb.org/34299"
},
{
"name": "22999",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22999"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1506",
"datePublished": "2007-03-19T22:00:00",
"dateReserved": "2007-03-19T00:00:00",
"dateUpdated": "2024-08-07T12:59:08.433Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6699 (GCVE-0-2006-6699)
Vulnerability from nvd – Published: 2006-12-23 01:00 – Updated: 2024-08-07 20:33
VLAI?
Summary
Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.977Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20061221 Re: Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20061221 Re: Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6699",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. NOTE: the calendar.jsp vector is covered by CVE-2006-6697."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20061221 Re: Oracle Portal 10g HTTP Response Splitting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6699",
"datePublished": "2006-12-23T01:00:00",
"dateReserved": "2006-12-22T00:00:00",
"dateUpdated": "2024-08-07T20:33:59.977Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-6697 (GCVE-0-2006-6697)
Vulnerability from nvd – Published: 2006-12-22 02:00 – Updated: 2024-08-07 20:33
VLAI?
Summary
CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:33:59.974Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2057",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/2057"
},
{
"name": "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454965/100/0/threaded"
},
{
"name": "20061220 Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=116664018702238\u0026w=2"
},
{
"name": "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=116666155824901\u0026w=2"
},
{
"name": "23461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23461"
},
{
"name": "20061221 Re: Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
},
{
"name": "ADV-2006-5124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5124"
},
{
"name": "21686",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21686"
},
{
"name": "20061220 Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454945/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2057",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/2057"
},
{
"name": "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/454965/100/0/threaded"
},
{
"name": "20061220 Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=116664018702238\u0026w=2"
},
{
"name": "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://marc.info/?l=full-disclosure\u0026m=116666155824901\u0026w=2"
},
{
"name": "23461",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23461"
},
{
"name": "20061221 Re: Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
},
{
"name": "ADV-2006-5124",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5124"
},
{
"name": "21686",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21686"
},
{
"name": "20061220 Oracle Portal 10g HTTP Response Splitting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/454945/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6697",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2057",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/2057"
},
{
"name": "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454965/100/0/threaded"
},
{
"name": "20061220 Oracle Portal 10g HTTP Response Splitting",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=116664018702238\u0026w=2"
},
{
"name": "20061220 Re: [Full-disclosure] Oracle Portal 10g HTTP Response Splitting",
"refsource": "FULLDISC",
"url": "http://marc.info/?l=full-disclosure\u0026m=116666155824901\u0026w=2"
},
{
"name": "23461",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23461"
},
{
"name": "20061221 Re: Oracle Portal 10g HTTP Response Splitting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/455106/100/0/threaded"
},
{
"name": "ADV-2006-5124",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5124"
},
{
"name": "21686",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21686"
},
{
"name": "20061220 Oracle Portal 10g HTTP Response Splitting",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454945/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6697",
"datePublished": "2006-12-22T02:00:00",
"dateReserved": "2006-12-21T00:00:00",
"dateUpdated": "2024-08-07T20:33:59.974Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2003-1193 (GCVE-0-2003-1193)
Vulnerability from nvd – Published: 2005-05-10 04:00 – Updated: 2024-08-08 02:19
VLAI?
Summary
Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:19:46.091Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
},
{
"name": "20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/343520"
},
{
"name": "oracle-portal-sql-injection(13593)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
},
{
"name": "8966",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8966"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-11-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
},
{
"name": "20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/343520"
},
{
"name": "oracle-portal-sql-injection(13593)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
},
{
"name": "8966",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8966"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-1193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the Portal DB (1) List of Values (LOVs), (2) Forms, (3) Hierarchy, and (4) XML components packages in Oracle Oracle9i Application Server 9.0.2.00 through 3.0.9.8.5 allow remote attackers to execute arbitrary SQL commands via the URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert61.pdf"
},
{
"name": "20031105 Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/343520"
},
{
"name": "oracle-portal-sql-injection(13593)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/13593"
},
{
"name": "8966",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8966"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-1193",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T02:19:46.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2004-1707 (GCVE-0-2004-1707)
Vulnerability from nvd – Published: 2005-02-26 05:00 – Updated: 2024-08-08 01:00
VLAI?
Summary
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12205"
},
{
"name": "oracle-libraries-gain-privileges(16839)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"name": "10829",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10829"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12205"
},
{
"name": "oracle-libraries-gain-privileges(16839)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"name": "10829",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10829"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12205"
},
{
"name": "oracle-libraries-gain-privileges(16839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"name": "10829",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10829"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1707",
"datePublished": "2005-02-26T05:00:00",
"dateReserved": "2005-02-26T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}