All the vulnerabilites related to oracle - oracle8i
cve-1999-0888
Vulnerability from cvelistv5
Published
2000-04-18 04:00
Modified
2024-08-01 16:55
Severity ?
EPSS score ?
Summary
dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/585 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:55:29.139Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "585",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/585"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "1999-08-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "585",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/585"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0888",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "585",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/585"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0888",
"datePublished": "2000-04-18T04:00:00",
"dateReserved": "1999-12-08T00:00:00",
"dateUpdated": "2024-08-01T16:55:29.139Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0564
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101301813117562&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://www.nextgenss.com/papers/hpoas.pdf | x_refsource_MISC | |
| http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/193523 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "VU#193523",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/193523"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "VU#193523",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/193523"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0564",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "VU#193523",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/193523"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0564",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0096
Vulnerability from cvelistv5
Published
2003-02-21 05:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt"
},
{
"name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html"
},
{
"name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html"
},
{
"name": "VU#743954",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/743954"
},
{
"name": "6850",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6850"
},
{
"name": "20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104549743326864\u0026w=2"
},
{
"name": "oracle-bfilename-directory-bo(11325)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11325.php"
},
{
"name": "VU#840666",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/840666"
},
{
"name": "CA-2003-05",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf"
},
{
"name": "N-046",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"name": "oracle-totimestamptz-bo(11327)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11327.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/ora-bfilebo.txt"
},
{
"name": "6847",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6847"
},
{
"name": "oracle-tzoffset-bo(11326)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11326.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt"
},
{
"name": "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html"
},
{
"name": "6848",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6848"
},
{
"name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104550346303295\u0026w=2"
},
{
"name": "VU#663786",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/663786"
},
{
"name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104549782327321\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-11-17T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt"
},
{
"name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html"
},
{
"name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html"
},
{
"name": "VU#743954",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/743954"
},
{
"name": "6850",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6850"
},
{
"name": "20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104549743326864\u0026w=2"
},
{
"name": "oracle-bfilename-directory-bo(11325)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11325.php"
},
{
"name": "VU#840666",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/840666"
},
{
"name": "CA-2003-05",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf"
},
{
"name": "N-046",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"name": "oracle-totimestamptz-bo(11327)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11327.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/ora-bfilebo.txt"
},
{
"name": "6847",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6847"
},
{
"name": "oracle-tzoffset-bo(11326)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11326.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt"
},
{
"name": "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html"
},
{
"name": "6848",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6848"
},
{
"name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104550346303295\u0026w=2"
},
{
"name": "VU#663786",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/663786"
},
{
"name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104549782327321\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0096",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf"
},
{
"name": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt"
},
{
"name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html"
},
{
"name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html"
},
{
"name": "VU#743954",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/743954"
},
{
"name": "6850",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6850"
},
{
"name": "20030217 Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104549743326864\u0026w=2"
},
{
"name": "oracle-bfilename-directory-bo(11325)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11325.php"
},
{
"name": "VU#840666",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/840666"
},
{
"name": "CA-2003-05",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf"
},
{
"name": "N-046",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"name": "oracle-totimestamptz-bo(11327)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11327.php"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf"
},
{
"name": "http://www.nextgenss.com/advisories/ora-bfilebo.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/ora-bfilebo.txt"
},
{
"name": "6847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6847"
},
{
"name": "oracle-tzoffset-bo(11326)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11326.php"
},
{
"name": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt",
"refsource": "MISC",
"url": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt"
},
{
"name": "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html"
},
{
"name": "6848",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6848"
},
{
"name": "20030217 Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104550346303295\u0026w=2"
},
{
"name": "VU#663786",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/663786"
},
{
"name": "20030217 Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104549782327321\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0096",
"datePublished": "2003-02-21T05:00:00",
"dateReserved": "2003-02-18T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1366
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18661 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/385323 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.ngssoftware.com/advisories/oracle23122004D.txt | x_refsource_MISC | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.404Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-sysman-password-plaintext(18661)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18661"
},
{
"name": "20041223 Oracle clear text passwords (#NISR2122004D)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/385323"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-sysman-password-plaintext(18661)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18661"
},
{
"name": "20041223 Oracle clear text passwords (#NISR2122004D)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/385323"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1366",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-sysman-password-plaintext(18661)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18661"
},
{
"name": "20041223 Oracle clear text passwords (#NISR2122004D)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/385323"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004D.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1366",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.404Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1369
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ngssoftware.com/advisories/oracle23122004F.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18664 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=110382524401468&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.448Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004F.txt"
},
{
"name": "oracle-tnslsnr-nsgr-dos(18664)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18664"
},
{
"name": "20041223 Oracle TNS Listener DoS (#NISR2122004F)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382524401468\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004F.txt"
},
{
"name": "oracle-tnslsnr-nsgr-dos(18664)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18664"
},
{
"name": "20041223 Oracle TNS Listener DoS (#NISR2122004F)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382524401468\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1369",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004F.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004F.txt"
},
{
"name": "oracle-tnslsnr-nsgr-dos(18664)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18664"
},
{
"name": "20041223 Oracle TNS Listener DoS (#NISR2122004F)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382524401468\u0026w=2"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1369",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.448Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1363
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18659 | vdb-entry, x_refsource_XF | |
| http://www.ngssoftware.com/advisories/oracle23122004.txt | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=110382345829397&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.458Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-extproc-library-bo(18659)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18659"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004.txt"
},
{
"name": "20041223 Oracle extproc buffer overflow (#NISR23122004A)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382345829397\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-extproc-library-bo(18659)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18659"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004.txt"
},
{
"name": "20041223 Oracle extproc buffer overflow (#NISR23122004A)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382345829397\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1363",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-extproc-library-bo(18659)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18659"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004.txt"
},
{
"name": "20041223 Oracle extproc buffer overflow (#NISR23122004A)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382345829397\u0026w=2"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1363",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-1999-0711
Vulnerability from cvelistv5
Published
2000-04-18 04:00
Modified
2024-08-01 16:48
Severity ?
EPSS score ?
Summary
The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?t=92550157100002&w=2&r=1 | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=bugtraq&m=92609807906778&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T16:48:37.597Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?t=92550157100002\u0026w=2\u0026r=1"
},
{
"name": "19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=92609807906778\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?t=92550157100002\u0026w=2\u0026r=1"
},
{
"name": "19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=92609807906778\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-1999-0711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?t=92550157100002\u0026w=2\u0026r=1"
},
{
"name": "19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=92609807906778\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-1999-0711",
"datePublished": "2000-04-18T04:00:00",
"dateReserved": "1999-11-25T00:00:00",
"dateUpdated": "2024-08-01T16:48:37.597Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1362
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18657 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/435974 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://www.ngssoftware.com/advisories/oracle23122004G.txt | x_refsource_MISC | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=110382306006205&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.512Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-character-conversion-gain-privileges(18657)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18657"
},
{
"name": "VU#435974",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004G.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "20041223 Oracle Character Conversion Bugs (#NISR2122004G)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382306006205\u0026w=2"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with \"%FF\" encoded sequences that are improperly converted to \"Y\" characters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-character-conversion-gain-privileges(18657)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18657"
},
{
"name": "VU#435974",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004G.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "20041223 Oracle Character Conversion Bugs (#NISR2122004G)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382306006205\u0026w=2"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1362",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with \"%FF\" encoded sequences that are improperly converted to \"Y\" characters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-character-conversion-gain-privileges(18657)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18657"
},
{
"name": "VU#435974",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004G.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004G.txt"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "20041223 Oracle Character Conversion Bugs (#NISR2122004G)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382306006205\u0026w=2"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1362",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.512Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0206
Vulnerability from cvelistv5
Published
2000-04-25 04:00
Modified
2024-08-08 05:05
Severity ?
EPSS score ?
Summary
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/1035 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:05:54.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20000305 Oracle installer problem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html"
},
{
"name": "1035",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1035"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-03-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20000305 Oracle installer problem",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html"
},
{
"name": "1035",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1035"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20000305 Oracle installer problem",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html"
},
{
"name": "1035",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1035"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0206",
"datePublished": "2000-04-25T04:00:00",
"dateReserved": "2000-03-22T00:00:00",
"dateUpdated": "2024-08-08T05:05:54.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1367
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=110382247308064&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.ngssoftware.com/advisories/oracle23122004D.txt | x_refsource_MISC | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.402Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20041223 Oracle clear text passwords (#NISR2122004D)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382247308064\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle 10g Database Server, when installed with a password that contains an exclamation point (\"!\") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20041223 Oracle clear text passwords (#NISR2122004D)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382247308064\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1367",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle 10g Database Server, when installed with a password that contains an exclamation point (\"!\") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20041223 Oracle clear text passwords (#NISR2122004D)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382247308064\u0026w=2"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004D.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1367",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.402Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1365
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ngssoftware.com/advisories/oracle23122004C.txt | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18662 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=110382471608835&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.434Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004C.txt"
},
{
"name": "oracle-extproc-command-execution(18662)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18662"
},
{
"name": "20041223 Oracle extproc local command execution (#NISR23122004C)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382471608835\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004C.txt"
},
{
"name": "oracle-extproc-command-execution(18662)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18662"
},
{
"name": "20041223 Oracle extproc local command execution (#NISR23122004C)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382471608835\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1365",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004C.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004C.txt"
},
{
"name": "oracle-extproc-command-execution(18662)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18662"
},
{
"name": "20041223 Oracle extproc local command execution (#NISR23122004C)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382471608835\u0026w=2"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1365",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.434Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-1118
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:12
Severity ?
EPSS score ?
Summary
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf | x_refsource_CONFIRM | |
| http://www.iss.net/security_center/static/10283.php | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/5678 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html | mailing-list, x_refsource_VULNWATCH |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:12:16.946Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf"
},
{
"name": "oracle-net-services-dos(10283)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10283.php"
},
{
"name": "5678",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5678"
},
{
"name": "20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-04T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf"
},
{
"name": "oracle-net-services-dos(10283)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10283.php"
},
{
"name": "5678",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5678"
},
{
"name": "20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1118",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf"
},
{
"name": "oracle-net-services-dos(10283)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10283.php"
},
{
"name": "5678",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5678"
},
{
"name": "20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1118",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-09-09T00:00:00",
"dateUpdated": "2024-08-08T03:12:16.946Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0560
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101301813117562&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/307835 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://www.nextgenss.com/papers/hpoas.pdf | x_refsource_MISC | |
| http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/4294 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "VU#307835",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/307835"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4294",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4294"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "VU#307835",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/307835"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4294",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4294"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "VU#307835",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/307835"
},
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4294",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4294"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0560",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0126
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:06
Severity ?
EPSS score ?
Summary
Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5905 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=98027700625521&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=bugtraq&m=97906670012796&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:06:55.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-xsql-execute-code(5905)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5905"
},
{
"name": "20010123 Patch for Potential Vulnerability in Oracle XSQL Servlet",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98027700625521\u0026w=2"
},
{
"name": "20010109 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=97906670012796\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-xsql-execute-code(5905)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5905"
},
{
"name": "20010123 Patch for Potential Vulnerability in Oracle XSQL Servlet",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=98027700625521\u0026w=2"
},
{
"name": "20010109 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=97906670012796\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0126",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-xsql-execute-code(5905)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5905"
},
{
"name": "20010123 Patch for Potential Vulnerability in Oracle XSQL Servlet",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=98027700625521\u0026w=2"
},
{
"name": "20010109 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=97906670012796\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0126",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-02-06T00:00:00",
"dateUpdated": "2024-08-08T04:06:55.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1370
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ngssoftware.com/advisories/oracle23122004H.txt | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=110382596129607&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18665 | vdb-entry, x_refsource_XF | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004H.txt"
},
{
"name": "20041223 Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382596129607\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "oracle-procedure-sql-injection(18665)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18665"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004H.txt"
},
{
"name": "20041223 Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382596129607\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "oracle-procedure-sql-injection(18665)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18665"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1370",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004H.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004H.txt"
},
{
"name": "20041223 Oracle multiple PL/SQL injection vulnerabilities (#NISR2122004H)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382596129607\u0026w=2"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "oracle-procedure-sql-injection(18665)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18665"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1370",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.509Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0498
Vulnerability from cvelistv5
Published
2001-07-27 04:00
Modified
2024-08-08 04:21
Severity ?
EPSS score ?
Summary
Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.nai.com/research/covert/advisories/049.asp | vendor-advisory, x_refsource_NAI |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.600Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010627 Oracle 8i SQLNet Header Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_NAI",
"x_transferred"
],
"url": "http://www.nai.com/research/covert/advisories/049.asp"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-04-18T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010627 Oracle 8i SQLNet Header Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_NAI"
],
"url": "http://www.nai.com/research/covert/advisories/049.asp"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010627 Oracle 8i SQLNet Header Vulnerability",
"refsource": "NAI",
"url": "http://www.nai.com/research/covert/advisories/049.asp"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0498",
"datePublished": "2001-07-27T04:00:00",
"dateReserved": "2001-06-05T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.600Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0516
Vulnerability from cvelistv5
Published
2001-07-27 04:00
Modified
2024-08-08 04:21
Severity ?
EPSS score ?
Summary
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://xforce.iss.net/alerts/advise82.php | third-party-advisory, x_refsource_ISS | |
| http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.747Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0516",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"refsource": "ISS",
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0516",
"datePublished": "2001-07-27T04:00:00",
"dateReserved": "2001-06-13T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1371
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ngssoftware.com/advisories/oracle23122004J.txt | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=110382570313035&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18666 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.354Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004J.txt"
},
{
"name": "20041223 Oracle wrapped procedure overflow (#NISR2122004J)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382570313035\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "oracle-wrapped-procedure-bo(18666)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18666"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004J.txt"
},
{
"name": "20041223 Oracle wrapped procedure overflow (#NISR2122004J)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382570313035\u0026w=2"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "oracle-wrapped-procedure-bo(18666)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18666"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1371",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004J.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004J.txt"
},
{
"name": "20041223 Oracle wrapped procedure overflow (#NISR2122004J)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382570313035\u0026w=2"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "oracle-wrapped-procedure-bo(18666)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18666"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1371",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.354Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0840
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:48.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"name": "ESA-20021007-024",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"name": "HPSBUX0210-224",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"name": "DSA-187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"name": "DSA-195",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"name": "20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"name": "MDKSA-2002:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"name": "CLA-2002:530",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"name": "20021017 TSLSA-2002-0069-apache",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"name": "20021002 Apache 2 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103357160425708\u0026w=2"
},
{
"name": "RHSA-2002:243",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"name": "862",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/862"
},
{
"name": "RHSA-2002:222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-222.html"
},
{
"name": "RHSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-106.html"
},
{
"name": "RHSA-2002:251",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-251.html"
},
{
"name": "apache-http-host-xss(10241)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10241"
},
{
"name": "20021105-02-I",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I"
},
{
"name": "20021002 Apache 2 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html"
},
{
"name": "VU#240329",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/240329"
},
{
"name": "5847",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5847"
},
{
"name": "RHSA-2002:248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"name": "RHSA-2002:244",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:10:26",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"name": "ESA-20021007-024",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"name": "HPSBUX0210-224",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"name": "DSA-187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"name": "DSA-195",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"name": "20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"name": "MDKSA-2002:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"name": "CLA-2002:530",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"name": "20021017 TSLSA-2002-0069-apache",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"name": "20021002 Apache 2 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103357160425708\u0026w=2"
},
{
"name": "RHSA-2002:243",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"name": "862",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/862"
},
{
"name": "RHSA-2002:222",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-222.html"
},
{
"name": "RHSA-2003:106",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2003-106.html"
},
{
"name": "RHSA-2002:251",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-251.html"
},
{
"name": "apache-http-host-xss(10241)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10241"
},
{
"name": "20021105-02-I",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I"
},
{
"name": "20021002 Apache 2 Cross-Site Scripting",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html"
},
{
"name": "VU#240329",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/240329"
},
{
"name": "5847",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5847"
},
{
"name": "RHSA-2002:248",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"name": "RHSA-2002:244",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0840",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-188",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"name": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2",
"refsource": "CONFIRM",
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"name": "ESA-20021007-024",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"name": "HPSBUX0210-224",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"name": "DSA-187",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"name": "http://www.apacheweek.com/issues/02-10-04",
"refsource": "CONFIRM",
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"name": "DSA-195",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"name": "20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"name": "MDKSA-2002:068",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"name": "CLA-2002:530",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"name": "20021017 TSLSA-2002-0069-apache",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"name": "20021002 Apache 2 Cross-Site Scripting",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103357160425708\u0026w=2"
},
{
"name": "RHSA-2002:243",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"name": "862",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/862"
},
{
"name": "RHSA-2002:222",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-222.html"
},
{
"name": "RHSA-2003:106",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2003-106.html"
},
{
"name": "RHSA-2002:251",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-251.html"
},
{
"name": "apache-http-host-xss(10241)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10241"
},
{
"name": "20021105-02-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I"
},
{
"name": "20021002 Apache 2 Cross-Site Scripting",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html"
},
{
"name": "VU#240329",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/240329"
},
{
"name": "5847",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5847"
},
{
"name": "RHSA-2002:248",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"name": "RHSA-2002:244",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0840",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2002-08-08T00:00:00",
"dateUpdated": "2024-08-08T03:03:48.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0222
Vulnerability from cvelistv5
Published
2003-04-30 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=105162831008176&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ciac.org/ciac/bulletins/n-085.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/11885 | vdb-entry, x_refsource_XF | |
| http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf | x_refsource_CONFIRM | |
| http://marc.info/?l=ntbugtraq&m=105163376015735&w=2 | mailing-list, x_refsource_NTBUGTRAQ | |
| http://www.securityfocus.com/bid/7453 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:36.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105162831008176\u0026w=2"
},
{
"name": "N-085",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-085.shtml"
},
{
"name": "oracle-database-link-bo(11885)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11885"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf"
},
{
"name": "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=105163376015735\u0026w=2"
},
{
"name": "7453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/7453"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-04-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a \"CREATE DATABASE LINK\" query containing a connect string with a long USING parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105162831008176\u0026w=2"
},
{
"name": "N-085",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-085.shtml"
},
{
"name": "oracle-database-link-bo(11885)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11885"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf"
},
{
"name": "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=105163376015735\u0026w=2"
},
{
"name": "7453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/7453"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0222",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a \"CREATE DATABASE LINK\" query containing a connect string with a long USING parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105162831008176\u0026w=2"
},
{
"name": "N-085",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-085.shtml"
},
{
"name": "oracle-database-link-bo(11885)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11885"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf"
},
{
"name": "20030429 Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105163376015735\u0026w=2"
},
{
"name": "7453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/7453"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0222",
"datePublished": "2003-04-30T04:00:00",
"dateReserved": "2003-04-29T00:00:00",
"dateUpdated": "2024-08-08T01:43:36.042Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0987
Vulnerability from cvelistv5
Published
2000-11-29 05:00
Modified
2024-08-08 05:37
Severity ?
EPSS score ?
Summary
Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/archive/1/140340 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/archive/1/140709 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5401 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:32.210Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20001018 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/140340"
},
{
"name": "20001020 In response to posting 10/18/2000 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/140709"
},
{
"name": "oracle-oidldap-bo(5401)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5401"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long \"connect\" command line parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20001018 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/140340"
},
{
"name": "20001020 In response to posting 10/18/2000 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/140709"
},
{
"name": "oracle-oidldap-bo(5401)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5401"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0987",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long \"connect\" command line parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20001018 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/140340"
},
{
"name": "20001020 In response to posting 10/18/2000 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/140709"
},
{
"name": "oracle-oidldap-bo(5401)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5401"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0987",
"datePublished": "2000-11-29T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:32.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0568
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101301813117562&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/4290 | vdb-entry, x_refsource_BID | |
| http://www.nextgenss.com/papers/hpoas.pdf | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/476619 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:38.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "4290",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "VU#476619",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/476619"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "4290",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "VU#476619",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/476619"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0568",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "4290",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4290"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "VU#476619",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/476619"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0568",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:38.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0095
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 01:43
Severity ?
EPSS score ?
Summary
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cert.org/advisories/CA-2003-05.html | third-party-advisory, x_refsource_CERT | |
| http://www.ciac.org/ciac/bulletins/n-046.shtml | third-party-advisory, government-resource, x_refsource_CIAC | |
| http://www.securityfocus.com/bid/6849 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=104549693426042&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf | x_refsource_CONFIRM | |
| http://www.iss.net/security_center/static/11328.php | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/6319 | vdb-entry, x_refsource_OSVDB | |
| http://www.kb.cert.org/vuls/id/953746 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:43:35.187Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2003-05",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"name": "N-046",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC",
"x_transferred"
],
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"name": "6849",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/6849"
},
{
"name": "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104549693426042\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf"
},
{
"name": "oracle-username-bo(11328)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/11328.php"
},
{
"name": "6319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6319"
},
{
"name": "VU#953746",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/953746"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-02-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-18T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2003-05",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"name": "N-046",
"tags": [
"third-party-advisory",
"government-resource",
"x_refsource_CIAC"
],
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"name": "6849",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/6849"
},
{
"name": "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=104549693426042\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf"
},
{
"name": "oracle-username-bo(11328)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/11328.php"
},
{
"name": "6319",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6319"
},
{
"name": "VU#953746",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/953746"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0095",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2003-05",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"name": "N-046",
"refsource": "CIAC",
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"name": "6849",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/6849"
},
{
"name": "20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=104549693426042\u0026w=2"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf"
},
{
"name": "oracle-username-bo(11328)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/11328.php"
},
{
"name": "6319",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6319"
},
{
"name": "VU#953746",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/953746"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0095",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2003-02-18T00:00:00",
"dateUpdated": "2024-08-08T01:43:35.187Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0517
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-08 04:21
Severity ?
EPSS score ?
Summary
Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0.
References
| ▼ | URL | Tags |
|---|---|---|
| http://xforce.iss.net/alerts/advise82.php | third-party-advisory, x_refsource_ISS | |
| http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf | x_refsource_CONFIRM | |
| http://www.osvdb.org/5590 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6715 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.539Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
},
{
"name": "5590",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5590"
},
{
"name": "oracle-listener-data-transport-dos(6715)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6715"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
},
{
"name": "5590",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5590"
},
{
"name": "oracle-listener-data-transport-dos(6715)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6715"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0517",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"refsource": "ISS",
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
},
{
"name": "5590",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5590"
},
{
"name": "oracle-listener-data-transport-dos(6715)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6715"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0517",
"datePublished": "2002-03-09T05:00:00",
"dateReserved": "2001-06-13T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.539Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0566
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/4037 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/805915 | third-party-advisory, x_refsource_CERT-VN | |
| http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | x_refsource_CONFIRM | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/8099 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.286Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "4037",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4037"
},
{
"name": "VU#805915",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/805915"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "oracle-appserver-plsql-pls-dos(8099)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8099"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "4037",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4037"
},
{
"name": "VU#805915",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/805915"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "oracle-appserver-plsql-pls-dos(8099)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8099"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0566",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "4037",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4037"
},
{
"name": "VU#805915",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/805915"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "oracle-appserver-plsql-pls-dos(8099)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8099"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0566",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.286Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1368
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18656 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=110382264415387&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ngssoftware.com/advisories/oracle23122004E.txt | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/435974 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.449Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-isqlplus-file-access(18656)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
},
{
"name": "20041223 Oracle ISQLPlus file access vulnerability (#NISR2122004E)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382264415387\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
},
{
"name": "VU#435974",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-isqlplus-file-access(18656)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
},
{
"name": "20041223 Oracle ISQLPlus file access vulnerability (#NISR2122004E)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382264415387\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
},
{
"name": "VU#435974",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1368",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-isqlplus-file-access(18656)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
},
{
"name": "20041223 Oracle ISQLPlus file access vulnerability (#NISR2122004E)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382264415387\u0026w=2"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004E.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
},
{
"name": "VU#435974",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1368",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.449Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0857
Vulnerability from cvelistv5
Published
2002-08-20 04:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf | x_refsource_CONFIRM | |
| http://www.kb.cert.org/vuls/id/301059 | third-party-advisory, x_refsource_CERT-VN | |
| http://securitytracker.com/id?1005037 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/bid/5460 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=102933735716634&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:49.257Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf"
},
{
"name": "VU#301059",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/301059"
},
{
"name": "1005037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1005037"
},
{
"name": "5460",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5460"
},
{
"name": "20020814 Oracle Listener Control Format String Vulnerabilities (#NISR14082002)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102933735716634\u0026w=2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf"
},
{
"name": "VU#301059",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/301059"
},
{
"name": "1005037",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1005037"
},
{
"name": "5460",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5460"
},
{
"name": "20020814 Oracle Listener Control Format String Vulnerabilities (#NISR14082002)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102933735716634\u0026w=2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0857",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf"
},
{
"name": "VU#301059",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/301059"
},
{
"name": "1005037",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1005037"
},
{
"name": "5460",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5460"
},
{
"name": "20020814 Oracle Listener Control Format String Vulnerabilities (#NISR14082002)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102933735716634\u0026w=2"
},
{
"name": "http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0857",
"datePublished": "2002-08-20T04:00:00",
"dateReserved": "2002-08-15T00:00:00",
"dateUpdated": "2024-08-08T03:03:49.257Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0559
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.800Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#750299",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/750299"
},
{
"name": "VU#878603",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/878603"
},
{
"name": "oracle-appserver-plsql-adddad-bo(8098)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8098"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#659043",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/659043"
},
{
"name": "oracle-appserver-plsql-cache-bo(8097)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8097"
},
{
"name": "oracle-appserver-plsql-authclient-bo(8096)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8096"
},
{
"name": "20020206 Multiple Buffer Overflows in Oracle 9iAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://online.securityfocus.com/archive/1/254426"
},
{
"name": "VU#313280",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/313280"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4032",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4032"
},
{
"name": "oracle-appserver-plsql-bo(8095)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8095"
},
{
"name": "VU#923395",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/923395"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "VU#750299",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/750299"
},
{
"name": "VU#878603",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/878603"
},
{
"name": "oracle-appserver-plsql-adddad-bo(8098)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8098"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#659043",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/659043"
},
{
"name": "oracle-appserver-plsql-cache-bo(8097)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8097"
},
{
"name": "oracle-appserver-plsql-authclient-bo(8096)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8096"
},
{
"name": "20020206 Multiple Buffer Overflows in Oracle 9iAS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://online.securityfocus.com/archive/1/254426"
},
{
"name": "VU#313280",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/313280"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4032",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4032"
},
{
"name": "oracle-appserver-plsql-bo(8095)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8095"
},
{
"name": "VU#923395",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/923395"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0559",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#750299",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/750299"
},
{
"name": "VU#878603",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/878603"
},
{
"name": "oracle-appserver-plsql-adddad-bo(8098)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8098"
},
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#659043",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/659043"
},
{
"name": "oracle-appserver-plsql-cache-bo(8097)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8097"
},
{
"name": "oracle-appserver-plsql-authclient-bo(8096)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8096"
},
{
"name": "20020206 Multiple Buffer Overflows in Oracle 9iAS",
"refsource": "BUGTRAQ",
"url": "http://online.securityfocus.com/archive/1/254426"
},
{
"name": "VU#313280",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/313280"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "4032",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4032"
},
{
"name": "oracle-appserver-plsql-bo(8095)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8095"
},
{
"name": "VU#923395",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/923395"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0559",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.800Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1707
Vulnerability from cvelistv5
Published
2005-02-26 05:00
Modified
2024-08-08 01:00
Severity ?
EPSS score ?
Summary
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/12205 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16839 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=109147677214087&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/10829 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:00:37.205Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "12205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12205"
},
{
"name": "oracle-libraries-gain-privileges(16839)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"name": "10829",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10829"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-08-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "12205",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12205"
},
{
"name": "oracle-libraries-gain-privileges(16839)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"name": "10829",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10829"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1707",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "12205",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12205"
},
{
"name": "oracle-libraries-gain-privileges(16839)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"name": "20040802 OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"name": "10829",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10829"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1707",
"datePublished": "2005-02-26T05:00:00",
"dateReserved": "2005-02-26T00:00:00",
"dateUpdated": "2024-08-08T01:00:37.205Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1364
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:46
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18658 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/archive/1/454861/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.us-cert.gov/cas/techalerts/TA04-245A.html | third-party-advisory, x_refsource_CERT | |
| http://marc.info/?l=bugtraq&m=110382406002365&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/10871 | vdb-entry, x_refsource_BID | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1 | vendor-advisory, x_refsource_SUNALERT | |
| http://www.ngssoftware.com/advisories/oracle23122004B.txt | x_refsource_MISC | |
| http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:46:12.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-extproc-directory-traversal(18658)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18658"
},
{
"name": "20061219 Oracle \u003c= 9i / 10g (extproc) Local/Remote Command Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/454861/100/0/threaded"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "20041223 Oracle extproc directory traversal (#NISR23122004B)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382406002365\u0026w=2"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT",
"x_transferred"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004B.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-23T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\\bin directory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-extproc-directory-traversal(18658)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18658"
},
{
"name": "20061219 Oracle \u003c= 9i / 10g (extproc) Local/Remote Command Execution Exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/454861/100/0/threaded"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "20041223 Oracle extproc directory traversal (#NISR23122004B)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=110382406002365\u0026w=2"
},
{
"name": "10871",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"tags": [
"vendor-advisory",
"x_refsource_SUNALERT"
],
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004B.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1364",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\\bin directory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-extproc-directory-traversal(18658)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18658"
},
{
"name": "20061219 Oracle \u003c= 9i / 10g (extproc) Local/Remote Command Execution Exploit",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/454861/100/0/threaded"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "TA04-245A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"name": "20041223 Oracle extproc directory traversal (#NISR23122004B)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=110382406002365\u0026w=2"
},
{
"name": "10871",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10871"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "101782",
"refsource": "SUNALERT",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"name": "http://www.ngssoftware.com/advisories/oracle23122004B.txt",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/advisories/oracle23122004B.txt"
},
{
"name": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql",
"refsource": "MISC",
"url": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1364",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2005-01-07T00:00:00",
"dateUpdated": "2024-08-08T00:46:12.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0638
Vulnerability from cvelistv5
Published
2005-01-19 05:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/17254 | vdb-entry, x_refsource_XF | |
| http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf | x_refsource_CONFIRM | |
| http://www.idefense.com/application/poi/display?id=135&type=vulnerabilities&flashstatus=false | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.securityfocus.com/bid/11100 | vdb-entry, x_refsource_BID | |
| http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html | mailing-list, x_refsource_FULLDISC | |
| http://www.red-database-security.com/advisory/advisory_20040903_3.htm | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.842Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-dbmssystem-bo(17254)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "20040902 Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=135\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "11100",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11100"
},
{
"name": "20040905 Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-dbmssystem-bo(17254)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "20040902 Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=135\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "11100",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11100"
},
{
"name": "20040905 Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0638",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-dbmssystem-bo(17254)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
},
{
"name": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"name": "20040902 Oracle Database Server dbms_system.ksdwrt Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=135\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"name": "11100",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11100"
},
{
"name": "20040905 Buffer Overflow in DBMS_SYSTEM.KSDWRT() in Oracle8i - 9i",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
},
{
"name": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0638",
"datePublished": "2005-01-19T05:00:00",
"dateReserved": "2004-07-07T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.842Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0843
Vulnerability from cvelistv5
Published
2002-10-05 04:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:49.279Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"name": "CLSA-2002:530",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"name": "ESA-20021007-024",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE",
"x_transferred"
],
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"name": "5996",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5996"
},
{
"name": "IY87070",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR",
"x_transferred"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY87070\u0026apar=only"
},
{
"name": "20021105-01-I",
"tags": [
"vendor-advisory",
"x_refsource_SGI",
"x_transferred"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I"
},
{
"name": "HPSBUX0210-224",
"tags": [
"vendor-advisory",
"x_refsource_HP",
"x_transferred"
],
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"name": "ADV-2006-3263",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/3263"
},
{
"name": "20021016 Apache 1.3.26",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html"
},
{
"name": "000530",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"name": "DSA-187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"name": "5887",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5887"
},
{
"name": "DSA-195",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"name": "20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"name": "MDKSA-2002:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2871"
},
{
"name": "CLA-2002:530",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"name": "21425",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/21425"
},
{
"name": "20021017 TSLSA-2002-0069-apache",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"name": "5995",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5995"
},
{
"name": "apache-apachebench-response-bo(10281)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/10281.php"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-06T10:08:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "DSA-188",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"name": "CLSA-2002:530",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"name": "ESA-20021007-024",
"tags": [
"vendor-advisory",
"x_refsource_ENGARDE"
],
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"name": "5996",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5996"
},
{
"name": "IY87070",
"tags": [
"vendor-advisory",
"x_refsource_AIXAPAR"
],
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY87070\u0026apar=only"
},
{
"name": "20021105-01-I",
"tags": [
"vendor-advisory",
"x_refsource_SGI"
],
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I"
},
{
"name": "HPSBUX0210-224",
"tags": [
"vendor-advisory",
"x_refsource_HP"
],
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"name": "ADV-2006-3263",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/3263"
},
{
"name": "20021016 Apache 1.3.26",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html"
},
{
"name": "000530",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"name": "DSA-187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"name": "5887",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5887"
},
{
"name": "DSA-195",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"name": "20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"name": "MDKSA-2002:068",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2871"
},
{
"name": "CLA-2002:530",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"name": "21425",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/21425"
},
{
"name": "20021017 TSLSA-2002-0069-apache",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"name": "5995",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5995"
},
{
"name": "apache-apachebench-response-bo(10281)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/10281.php"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0843",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-188",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"name": "CLSA-2002:530",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"name": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2",
"refsource": "CONFIRM",
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"name": "ESA-20021007-024",
"refsource": "ENGARDE",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"name": "5996",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5996"
},
{
"name": "IY87070",
"refsource": "AIXAPAR",
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY87070\u0026apar=only"
},
{
"name": "20021105-01-I",
"refsource": "SGI",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I"
},
{
"name": "HPSBUX0210-224",
"refsource": "HP",
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"name": "ADV-2006-3263",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3263"
},
{
"name": "20021016 Apache 1.3.26",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html"
},
{
"name": "000530",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"name": "DSA-187",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"name": "http://www.apacheweek.com/issues/02-10-04",
"refsource": "CONFIRM",
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"name": "5887",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5887"
},
{
"name": "DSA-195",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"name": "20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"name": "MDKSA-2002:068",
"refsource": "MANDRAKE",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2871",
"refsource": "CONFIRM",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2871"
},
{
"name": "CLA-2002:530",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"name": "21425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/21425"
},
{
"name": "20021017 TSLSA-2002-0069-apache",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"name": "5995",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5995"
},
{
"name": "apache-apachebench-response-bo(10281)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/10281.php"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E"
},
{
"name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0843",
"datePublished": "2002-10-05T04:00:00",
"dateReserved": "2002-08-08T00:00:00",
"dateUpdated": "2024-08-08T03:03:49.279Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0271
Vulnerability from cvelistv5
Published
2006-01-18 11:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24321 | vdb-entry, x_refsource_XF | |
| http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html | x_refsource_MISC | |
| http://secunia.com/advisories/18493 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/0323 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/16287 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/545804 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.osvdb.org/22566 | vdb-entry, x_refsource_OSVDB | |
| http://securitytracker.com/id?1015499 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/0243 | vdb-entry, x_refsource_VUPEN | |
| http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/18608 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.180Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "22566",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22566"
},
{
"name": "1015499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18608"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Upgrade \u0026 Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "22566",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22566"
},
{
"name": "1015499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18608"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0271",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Upgrade \u0026 Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html",
"refsource": "MISC",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "22566",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22566"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0271",
"datePublished": "2006-01-18T11:00:00",
"dateReserved": "2006-01-18T00:00:00",
"dateUpdated": "2024-08-07T16:25:34.180Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-1180
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 05:45
Severity ?
EPSS score ?
Summary
Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5551 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=97474521003453&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/1968 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:45:37.377Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-cmctl-bo(5551)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5551"
},
{
"name": "20001120 vulnerability in Connection Manager Control binary in Oracle",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=97474521003453\u0026w=2"
},
{
"name": "1968",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1968"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-11-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-cmctl-bo(5551)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5551"
},
{
"name": "20001120 vulnerability in Connection Manager Control binary in Oracle",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=97474521003453\u0026w=2"
},
{
"name": "1968",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1968"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-1180",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-cmctl-bo(5551)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5551"
},
{
"name": "20001120 vulnerability in Connection Manager Control binary in Oracle",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=97474521003453\u0026w=2"
},
{
"name": "1968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1968"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-1180",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2000-12-14T00:00:00",
"dateUpdated": "2024-08-08T05:45:37.377Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2000-0986
Vulnerability from cvelistv5
Published
2000-11-29 05:00
Modified
2024-08-08 05:37
Severity ?
EPSS score ?
Summary
Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/5390 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/bugtraq/2000-10/0294.html | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:32.105Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-home-bo(5390)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5390"
},
{
"name": "20001020 [ Hackerslab bug_paper ] Linux ORACLE 8.1.5 vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0294.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-18T21:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-home-bo(5390)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5390"
},
{
"name": "20001020 [ Hackerslab bug_paper ] Linux ORACLE 8.1.5 vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0294.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0986",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-home-bo(5390)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5390"
},
{
"name": "20001020 [ Hackerslab bug_paper ] Linux ORACLE 8.1.5 vulnerability",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0294.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0986",
"datePublished": "2000-11-29T05:00:00",
"dateReserved": "2000-11-24T00:00:00",
"dateUpdated": "2024-08-08T05:37:32.105Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0634
Vulnerability from cvelistv5
Published
2003-08-02 04:00
Modified
2024-08-08 01:58
Severity ?
EPSS score ?
Summary
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=105916455814904&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/8267 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/12721 | vdb-entry, x_refsource_XF | |
| http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html | mailing-list, x_refsource_VULNWATCH | |
| http://marc.info/?l=ntbugtraq&m=105915485303327&w=2 | mailing-list, x_refsource_NTBUGTRAQ | |
| http://www.kb.cert.org/vuls/id/936868 | third-party-advisory, x_refsource_CERT-VN | |
| http://marc.info/?l=bugtraq&m=105914979629857&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:58:11.082Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf"
},
{
"name": "20030725 question about oracle advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105916455814904\u0026w=2"
},
{
"name": "8267",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/8267"
},
{
"name": "oracle-extproc-bo(12721)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12721"
},
{
"name": "20030912 Update to the Oracle EXTPROC advisory",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html"
},
{
"name": "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=105915485303327\u0026w=2"
},
{
"name": "VU#936868",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/936868"
},
{
"name": "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105914979629857\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf"
},
{
"name": "20030725 question about oracle advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105916455814904\u0026w=2"
},
{
"name": "8267",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/8267"
},
{
"name": "oracle-extproc-bo(12721)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12721"
},
{
"name": "20030912 Update to the Oracle EXTPROC advisory",
"tags": [
"mailing-list",
"x_refsource_VULNWATCH"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html"
},
{
"name": "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)",
"tags": [
"mailing-list",
"x_refsource_NTBUGTRAQ"
],
"url": "http://marc.info/?l=ntbugtraq\u0026m=105915485303327\u0026w=2"
},
{
"name": "VU#936868",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/936868"
},
{
"name": "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=105914979629857\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0634",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf"
},
{
"name": "20030725 question about oracle advisory",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105916455814904\u0026w=2"
},
{
"name": "8267",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/8267"
},
{
"name": "oracle-extproc-bo(12721)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12721"
},
{
"name": "20030912 Update to the Oracle EXTPROC advisory",
"refsource": "VULNWATCH",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html"
},
{
"name": "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)",
"refsource": "NTBUGTRAQ",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105915485303327\u0026w=2"
},
{
"name": "VU#936868",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/936868"
},
{
"name": "20030725 Oracle Extproc Buffer Overflow (#NISR25072003)",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=105914979629857\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0634",
"datePublished": "2003-08-02T04:00:00",
"dateReserved": "2003-08-01T00:00:00",
"dateUpdated": "2024-08-08T01:58:11.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0499
Vulnerability from cvelistv5
Published
2001-07-27 04:00
Modified
2024-08-08 04:21
Severity ?
EPSS score ?
Summary
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.nai.com/research/covert/advisories/050.asp | vendor-advisory, x_refsource_NAI | |
| http://www.kb.cert.org/vuls/id/620495 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.securityfocus.com/bid/2941 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6758 | vdb-entry, x_refsource_XF | |
| http://www.cert.org/advisories/CA-2001-16.html | third-party-advisory, x_refsource_CERT |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.508Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010627 Vulnerability in Oracle 8i TNS Listener",
"tags": [
"vendor-advisory",
"x_refsource_NAI",
"x_transferred"
],
"url": "http://www.nai.com/research/covert/advisories/050.asp"
},
{
"name": "VU#620495",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/620495"
},
{
"name": "2941",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/2941"
},
{
"name": "oracle-tns-listener-bo(6758)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6758"
},
{
"name": "CA-2001-16",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2001-16.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010627 Vulnerability in Oracle 8i TNS Listener",
"tags": [
"vendor-advisory",
"x_refsource_NAI"
],
"url": "http://www.nai.com/research/covert/advisories/050.asp"
},
{
"name": "VU#620495",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/620495"
},
{
"name": "2941",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/2941"
},
{
"name": "oracle-tns-listener-bo(6758)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6758"
},
{
"name": "CA-2001-16",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2001-16.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010627 Vulnerability in Oracle 8i TNS Listener",
"refsource": "NAI",
"url": "http://www.nai.com/research/covert/advisories/050.asp"
},
{
"name": "VU#620495",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/620495"
},
{
"name": "2941",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/2941"
},
{
"name": "oracle-tns-listener-bo(6758)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6758"
},
{
"name": "CA-2001-16",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2001-16.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0499",
"datePublished": "2001-07-27T04:00:00",
"dateReserved": "2001-06-05T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0561
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=101301813117562&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/4292 | vdb-entry, x_refsource_BID | |
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://www.kb.cert.org/vuls/id/611776 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.nextgenss.com/papers/hpoas.pdf | x_refsource_MISC | |
| http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.356Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "4292",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4292"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#611776",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/611776"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "4292",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4292"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#611776",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/611776"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "4292",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4292"
},
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "VU#611776",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/611776"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0561",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.356Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0515
Vulnerability from cvelistv5
Published
2001-07-27 04:00
Modified
2024-08-08 04:21
Severity ?
EPSS score ?
Summary
Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.
References
| ▼ | URL | Tags |
|---|---|---|
| http://xforce.iss.net/alerts/advise82.php | third-party-advisory, x_refsource_ISS | |
| http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:21:38.635Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS",
"x_transferred"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-06-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-02-26T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"tags": [
"third-party-advisory",
"x_refsource_ISS"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0515",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010515 Multiple Oracle Listener Denial of Service Vulnerabilities",
"refsource": "ISS",
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0515",
"datePublished": "2001-07-27T04:00:00",
"dateReserved": "2001-06-13T00:00:00",
"dateUpdated": "2024-08-08T04:21:38.635Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0262
Vulnerability from cvelistv5
Published
2006-01-18 11:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24321 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/18493 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/0323 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/16287 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/545804 | third-party-advisory, x_refsource_CERT-VN | |
| http://securitytracker.com/id?1015499 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/0243 | vdb-entry, x_refsource_VUPEN | |
| http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/18608 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.063Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18608"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18608"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0262",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0262",
"datePublished": "2006-01-18T11:00:00",
"dateReserved": "2006-01-18T00:00:00",
"dateUpdated": "2024-08-07T16:25:34.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2001-0326
Vulnerability from cvelistv5
Published
2001-05-07 04:00
Modified
2024-08-08 04:14
Severity ?
EPSS score ?
Summary
Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.
References
| ▼ | URL | Tags |
|---|---|---|
| http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/6438 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/5706 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T04:14:07.386Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20010212 Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html"
},
{
"name": "oracle-jvm-file-permissions(6438)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6438"
},
{
"name": "5706",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/5706"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2001-02-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the \u003c\u003cALL FILES\u003e\u003e FilePermission."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-09-02T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20010212 Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html"
},
{
"name": "oracle-jvm-file-permissions(6438)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6438"
},
{
"name": "5706",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/5706"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2001-0326",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the \u003c\u003cALL FILES\u003e\u003e FilePermission."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20010212 Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html"
},
{
"name": "oracle-jvm-file-permissions(6438)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6438"
},
{
"name": "5706",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/5706"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2001-0326",
"datePublished": "2001-05-07T04:00:00",
"dateReserved": "2001-04-04T00:00:00",
"dateUpdated": "2024-08-08T04:14:07.386Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0552
Vulnerability from cvelistv5
Published
2006-02-04 11:00
Modified
2024-08-07 16:41
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.osvdb.org/22549 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/24321 | vdb-entry, x_refsource_XF | |
| http://secunia.com/advisories/18493 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.vupen.com/english/advisories/2006/0323 | vdb-entry, x_refsource_VUPEN | |
| http://www.securityfocus.com/bid/16287 | vdb-entry, x_refsource_BID | |
| http://www.kb.cert.org/vuls/id/545804 | third-party-advisory, x_refsource_CERT-VN | |
| http://securitytracker.com/id?1015499 | vdb-entry, x_refsource_SECTRACK | |
| http://www.vupen.com/english/advisories/2006/0243 | vdb-entry, x_refsource_VUPEN | |
| http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html | x_refsource_CONFIRM | |
| http://secunia.com/advisories/18608 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:41:28.978Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "22549",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22549"
},
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18608"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "22549",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22549"
},
{
"name": "oracle-january2006-update(24321)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18608"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0552",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "22549",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22549"
},
{
"name": "oracle-january2006-update(24321)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"name": "18493",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18493"
},
{
"name": "ADV-2006-0323",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"name": "16287",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"name": "VU#545804",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"name": "1015499",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015499"
},
{
"name": "ADV-2006-0243",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"name": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html",
"refsource": "CONFIRM",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"name": "18608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18608"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0552",
"datePublished": "2006-02-04T11:00:00",
"dateReserved": "2006-02-04T00:00:00",
"dateUpdated": "2024-08-07T16:41:28.978Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0637
Vulnerability from cvelistv5
Published
2005-04-14 04:00
Modified
2024-08-08 00:24
Severity ?
EPSS score ?
Summary
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/11099 | vdb-entry, x_refsource_BID | |
| http://www.idefense.com/application/poi/display?id=136&type=vulnerabilities&flashstatus=true | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.kb.cert.org/vuls/id/316206 | third-party-advisory, x_refsource_CERT-VN | |
| http://secunia.com/advisories/12409/ | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:24:26.763Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11099",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/11099"
},
{
"name": "20040902 Oracle Database Server ctxsys.driload Access Validation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=136\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "12409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/12409/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-09-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-04T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11099",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/11099"
},
{
"name": "20040902 Oracle Database Server ctxsys.driload Access Validation Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=136\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "VU#316206",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "12409",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/12409/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0637",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11099",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/11099"
},
{
"name": "20040902 Oracle Database Server ctxsys.driload Access Validation Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=136\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "VU#316206",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"name": "12409",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/12409/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0637",
"datePublished": "2005-04-14T04:00:00",
"dateReserved": "2004-07-07T00:00:00",
"dateUpdated": "2024-08-08T00:24:26.763Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3641
Vulnerability from cvelistv5
Published
2005-11-16 21:17
Modified
2024-09-16 23:11
Severity ?
EPSS score ?
Summary
Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.ngssoftware.com/papers/database-on-xp.pdf | x_refsource_MISC | |
| http://www.securityfocus.com/bid/15450 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.439Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
},
{
"name": "15450",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15450"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-16T21:17:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
},
{
"name": "15450",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15450"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3641",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.ngssoftware.com/papers/database-on-xp.pdf",
"refsource": "MISC",
"url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
},
{
"name": "15450",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15450"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3641",
"datePublished": "2005-11-16T21:17:00Z",
"dateReserved": "2005-11-16T00:00:00Z",
"dateUpdated": "2024-09-16T23:11:46.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0858
Vulnerability from cvelistv5
Published
2002-08-20 04:00
Modified
2024-08-08 03:03
Severity ?
EPSS score ?
Summary
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=102918005402808&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.iss.net/security_center/static/9932.php | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/9476 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:03:49.252Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20020812 Vulnerability in Oracle",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102918005402808\u0026w=2"
},
{
"name": "oracle-catsnmp-default-account(9932)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9932.php"
},
{
"name": "9476",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/9476"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-08-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20020812 Vulnerability in Oracle",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=102918005402808\u0026w=2"
},
{
"name": "oracle-catsnmp-default-account(9932)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9932.php"
},
{
"name": "9476",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/9476"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0858",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20020812 Vulnerability in Oracle",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=102918005402808\u0026w=2"
},
{
"name": "oracle-catsnmp-default-account(9932)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9932.php"
},
{
"name": "9476",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/9476"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0858",
"datePublished": "2002-08-20T04:00:00",
"dateReserved": "2002-08-15T00:00:00",
"dateUpdated": "2024-08-08T03:03:49.252Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0567
Vulnerability from cvelistv5
Published
2003-04-02 05:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://marc.info/?l=bugtraq&m=101301332402079&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/4033 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/8089 | vdb-entry, x_refsource_XF | |
| http://www.kb.cert.org/vuls/id/180147 | third-party-advisory, x_refsource_CERT-VN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "20020206 Remote Compromise in Oracle 9i Database Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301332402079\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf"
},
{
"name": "4033",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4033"
},
{
"name": "oracle-plsql-remote-access(8089)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8089"
},
{
"name": "VU#180147",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/180147"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2002-06-15T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "20020206 Remote Compromise in Oracle 9i Database Server",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301332402079\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf"
},
{
"name": "4033",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4033"
},
{
"name": "oracle-plsql-remote-access(8089)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8089"
},
{
"name": "VU#180147",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/180147"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0567",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "20020206 Remote Compromise in Oracle 9i Database Server",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301332402079\u0026w=2"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf"
},
{
"name": "4033",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4033"
},
{
"name": "oracle-plsql-remote-access(8089)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8089"
},
{
"name": "VU#180147",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/180147"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0567",
"datePublished": "2003-04-02T05:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.990Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2002-0563
Vulnerability from cvelistv5
Published
2002-06-11 04:00
Modified
2024-08-08 02:56
Severity ?
EPSS score ?
Summary
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/4293 | vdb-entry, x_refsource_BID | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/8455 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=101301813117562&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/13152 | vdb-entry, x_refsource_OSVDB | |
| http://www.cert.org/advisories/CA-2002-08.html | third-party-advisory, x_refsource_CERT | |
| http://securitytracker.com/id?1009167 | vdb-entry, x_refsource_SECTRACK | |
| http://www.appsecinc.com/Policy/PolicyCheck7024.html | x_refsource_MISC | |
| http://www.kb.cert.org/vuls/id/168795 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.nextgenss.com/papers/hpoas.pdf | x_refsource_MISC | |
| http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | x_refsource_CONFIRM | |
| http://www.osvdb.org/705 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:56:37.326Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4293",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/4293"
},
{
"name": "oracle-appserver-apache-services(8455)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8455"
},
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "13152",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/13152"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "1009167",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1009167"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.appsecinc.com/Policy/PolicyCheck7024.html"
},
{
"name": "VU#168795",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/168795"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "705",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/705"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2002-02-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4293",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/4293"
},
{
"name": "oracle-appserver-apache-services(8455)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8455"
},
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "13152",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/13152"
},
{
"name": "CA-2002-08",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "1009167",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1009167"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.appsecinc.com/Policy/PolicyCheck7024.html"
},
{
"name": "VU#168795",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/168795"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "705",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/705"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-0563",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4293",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4293"
},
{
"name": "oracle-appserver-apache-services(8455)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8455"
},
{
"name": "20020206 Hackproofing Oracle Application Server paper",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"name": "13152",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/13152"
},
{
"name": "CA-2002-08",
"refsource": "CERT",
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"name": "1009167",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1009167"
},
{
"name": "http://www.appsecinc.com/Policy/PolicyCheck7024.html",
"refsource": "MISC",
"url": "http://www.appsecinc.com/Policy/PolicyCheck7024.html"
},
{
"name": "VU#168795",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/168795"
},
{
"name": "http://www.nextgenss.com/papers/hpoas.pdf",
"refsource": "MISC",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"name": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf",
"refsource": "CONFIRM",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"name": "705",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/705"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-0563",
"datePublished": "2002-06-11T04:00:00",
"dateReserved": "2002-06-07T00:00:00",
"dateUpdated": "2024-08-08T02:56:37.326Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2 | |
| oracle | application_server_web_cache | 2.0.0.0 | |
| oracle | application_server_web_cache | 2.0.0.1 | |
| oracle | application_server_web_cache | 2.0.0.2 | |
| oracle | application_server_web_cache | 2.0.0.3 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7_.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B34A419-42C2-44FC-84C7-65699BA07120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11D27BB6-DFA0-4CB7-B546-0E00C096BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes."
}
],
"id": "CVE-2002-0563",
"lastModified": "2024-11-20T23:39:22.480",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1009167"
},
{
"source": "cve@mitre.org",
"url": "http://www.appsecinc.com/Policy/PolicyCheck7024.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/168795"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/13152"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/705"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4293"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8455"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1009167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.appsecinc.com/Policy/PolicyCheck7024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/168795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/13152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/705"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8455"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2 | |
| oracle | application_server_web_cache | 2.0.0.0 | |
| oracle | application_server_web_cache | 2.0.0.1 | |
| oracle | application_server_web_cache | 2.0.0.2 | |
| oracle | application_server_web_cache | 2.0.0.3 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B34A419-42C2-44FC-84C7-65699BA07120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns."
}
],
"id": "CVE-2002-0560",
"lastModified": "2024-11-20T23:39:22.090",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/307835"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/307835"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4294"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\\bin directory."
}
],
"id": "CVE-2004-1364",
"lastModified": "2024-11-20T23:50:42.053",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382406002365\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004B.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/454861/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382406002365\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.0xdeadbeef.info/exploits/raptor_oraextproc.sql"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004B.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/454861/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18658"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-07-21 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "67EE7CCD-D1DC-43CF-862C-3183A5422720",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9459AC46-5095-4EEF-BD8B-4BBA3A5CE7B4",
"versionEndIncluding": "8.1.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC58370-C10D-4559-81C8-C67B64EE2502",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value."
}
],
"id": "CVE-2001-0515",
"lastModified": "2024-11-20T23:35:32.907",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-07-21T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script."
}
],
"id": "CVE-2004-1368",
"lastModified": "2024-11-20T23:50:42.710",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382264415387\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382264415387\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004E.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18656"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9i_application_server:*:*:*:*:*:*:*",
"matchCriteriaId": "0D51C24E-B1DB-4C48-A2C3-7A75C93E764B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure."
}
],
"id": "CVE-2004-1371",
"lastModified": "2024-11-20T23:50:43.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382570313035\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004J.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382570313035\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004J.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18666"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-12-19 05:00
Modified
2024-11-20 23:33
Severity ?
Summary
Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42AF8B37-C5AA-4B92-A565-214A677C3486",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable."
}
],
"id": "CVE-2000-0986",
"lastModified": "2024-11-20T23:33:44.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-12-19T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0294.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5390"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0294.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5390"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-18 11:03
Modified
2024-11-21 00:06
Severity ?
Summary
Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | database_server | 8.1.7.4 | |
| oracle | oracle10g | enterprise_10.1.0.4 | |
| oracle | oracle10g | personal_10.1.0.4 | |
| oracle | oracle10g | standard_10.1.0.4 | |
| oracle | oracle8i | enterprise_8.1.7.4 | |
| oracle | oracle8i | standard_8.1.7.4 | |
| oracle | oracle9i | enterprise_9.0.1.5 | |
| oracle | oracle9i | enterprise_9.0.1.5_fips | |
| oracle | oracle9i | standard_9.2.0.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B559C62F-88A7-42D3-9629-9F5CAD43F8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA52C2C2-64C3-40BA-86A1-C4A14BEB8CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B33627F4-3E7D-4181-8171-2B65F8C60E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "41B5ED54-BAF4-41B3-8B09-F9795AB7A18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3E2494-5BAE-425B-8F32-A4D2532B10C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "26FA45BE-C7AB-429C-A0A3-928BEC3E78E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5_fips:*:*:*:*:*:*:*",
"matchCriteriaId": "61ECB215-482D-4E47-A1CE-169ADE17812B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E61851FB-AC6F-4E56-8CA8-F8CE97D65364",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB08."
}
],
"id": "CVE-2006-0262",
"lastModified": "2024-11-21T00:06:03.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-18T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18493"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18608"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015499"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-03-12 05:00
Modified
2024-11-20 23:34
Severity ?
Summary
Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet."
}
],
"id": "CVE-2001-0126",
"lastModified": "2024-11-20T23:34:39.833",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-03-12T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=97906670012796\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=98027700625521\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5905"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=97906670012796\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=98027700625521\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5905"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-16 21:22
Modified
2024-11-21 00:02
Severity ?
Summary
Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | database_server | 7.0.2 | |
| oracle | database_server | 7.0.64 | |
| oracle | database_server | 7.1.3 | |
| oracle | database_server | 7.1.5 | |
| oracle | database_server | 7.3.3 | |
| oracle | database_server | 7.3.4 | |
| oracle | database_server | 8.0.1 | |
| oracle | database_server | 8.0.2 | |
| oracle | database_server | 8.0.3 | |
| oracle | database_server | 8.0.4 | |
| oracle | database_server | 8.0.5 | |
| oracle | database_server | 8.0.5.1 | |
| oracle | database_server | 8.0.6 | |
| oracle | database_server | 8.0.6.3 | |
| oracle | database_server | 8.1.5 | |
| oracle | database_server | 8.1.6 | |
| oracle | database_server | 8.1.7 | |
| oracle | database_server | 8.1.7.4 | |
| oracle | database_server_lite | 5.0 | |
| oracle | database_server_lite | 5.0.1.0.0 | |
| oracle | database_server_lite | 5.0.2.0.0 | |
| oracle | database_server_lite | 5.0.2.9.0 | |
| oracle | oracle10g | enterprise_9.0.4.0 | |
| oracle | oracle10g | enterprise_10.1.0.2 | |
| oracle | oracle10g | enterprise_10.1.0.3 | |
| oracle | oracle10g | enterprise_10.1.0.3.1 | |
| oracle | oracle10g | enterprise_10.1.0.4 | |
| oracle | oracle10g | personal_9.0.4.0 | |
| oracle | oracle10g | personal_10.1.0.2 | |
| oracle | oracle10g | personal_10.1.0.3 | |
| oracle | oracle10g | personal_10.1.0.3.1 | |
| oracle | oracle10g | personal_10.1.0.4 | |
| oracle | oracle10g | standard_9.0.4.0 | |
| oracle | oracle10g | standard_10.1.0.2 | |
| oracle | oracle10g | standard_10.1.0.3 | |
| oracle | oracle10g | standard_10.1.0.3.1 | |
| oracle | oracle10g | standard_10.1.0.4 | |
| oracle | oracle10g | standard_10.1.0.4.2 | |
| oracle | oracle8i | enterprise_8.0.5.0.0 | |
| oracle | oracle8i | enterprise_8.0.6.0.0 | |
| oracle | oracle8i | enterprise_8.0.6.0.1 | |
| oracle | oracle8i | enterprise_8.1.5.0.0 | |
| oracle | oracle8i | enterprise_8.1.5.0.2 | |
| oracle | oracle8i | enterprise_8.1.5.1.0 | |
| oracle | oracle8i | enterprise_8.1.6.0.0 | |
| oracle | oracle8i | enterprise_8.1.6.1.0 | |
| oracle | oracle8i | enterprise_8.1.7.0.0 | |
| oracle | oracle8i | enterprise_8.1.7.1.0 | |
| oracle | oracle8i | enterprise_8.1.7.4 | |
| oracle | oracle8i | standard_8.0.6 | |
| oracle | oracle8i | standard_8.0.6.3 | |
| oracle | oracle8i | standard_8.1.5 | |
| oracle | oracle8i | standard_8.1.6 | |
| oracle | oracle8i | standard_8.1.7 | |
| oracle | oracle8i | standard_8.1.7.0.0 | |
| oracle | oracle8i | standard_8.1.7.1 | |
| oracle | oracle8i | standard_8.1.7.4 | |
| oracle | oracle9i | enterprise_8.1.7 | |
| oracle | oracle9i | enterprise_9.0.1 | |
| oracle | oracle9i | enterprise_9.0.1.4 | |
| oracle | oracle9i | enterprise_9.0.1.5 | |
| oracle | oracle9i | enterprise_9.0.1.5_fips | |
| oracle | oracle9i | enterprise_9.0.2.4 | |
| oracle | oracle9i | enterprise_9.0.4 | |
| oracle | oracle9i | enterprise_9.2.0 | |
| oracle | oracle9i | enterprise_9.2.0.1 | |
| oracle | oracle9i | enterprise_9.2.0.2 | |
| oracle | oracle9i | enterprise_9.2.0.3 | |
| oracle | oracle9i | enterprise_9.2.0.5 | |
| oracle | oracle9i | enterprise_9.2.0.6 | |
| oracle | oracle9i | personal_8.1.7 | |
| oracle | oracle9i | personal_9.0.1 | |
| oracle | oracle9i | personal_9.0.1.4 | |
| oracle | oracle9i | personal_9.0.1.5 | |
| oracle | oracle9i | personal_9.0.1.5_fips | |
| oracle | oracle9i | personal_9.0.2.4 | |
| oracle | oracle9i | personal_9.0.4 | |
| oracle | oracle9i | personal_9.2 | |
| oracle | oracle9i | personal_9.2.0.1 | |
| oracle | oracle9i | personal_9.2.0.2 | |
| oracle | oracle9i | personal_9.2.0.3 | |
| oracle | oracle9i | personal_9.2.0.5 | |
| oracle | oracle9i | personal_9.2.0.6 | |
| oracle | oracle9i | standard_8.1.7 | |
| oracle | oracle9i | standard_9.0 | |
| oracle | oracle9i | standard_9.0.1 | |
| oracle | oracle9i | standard_9.0.1.2 | |
| oracle | oracle9i | standard_9.0.1.3 | |
| oracle | oracle9i | standard_9.0.1.4 | |
| oracle | oracle9i | standard_9.0.1.5 | |
| oracle | oracle9i | standard_9.0.1.5_fips | |
| oracle | oracle9i | standard_9.0.2 | |
| oracle | oracle9i | standard_9.0.2.4 | |
| oracle | oracle9i | standard_9.0.4 | |
| oracle | oracle9i | standard_9.2 | |
| oracle | oracle9i | standard_9.2.0.1 | |
| oracle | oracle9i | standard_9.2.0.2 | |
| oracle | oracle9i | standard_9.2.0.3 | |
| oracle | oracle9i | standard_9.2.0.5 | |
| oracle | oracle9i | standard_9.2.0.6 | |
| oracle | oracle9i | standard_9.2.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DFD33B90-AC5F-42B2-9876-F1649D1CB574",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:7.0.64:*:*:*:*:*:*:*",
"matchCriteriaId": "68D8FF8C-87B9-47E8-8525-81090D736C7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:7.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6BB5FC-0E9D-4E94-B358-D95C7E3A7A7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:7.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E66ABE31-E910-40D3-A570-F06ADDBDE42F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE5CF5D-4649-4E3A-9328-47224065384F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE07BAF7-3A9A-426B-9536-72EAB8984A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3104552F-31AD-4CBE-8F6E-5E410D2F9EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3651861-9C23-4AB1-B795-E44C912B8AB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F232E30-578B-440E-98FE-A52FF171F11E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E7675AD-40A0-4BC5-9823-3AC330EE95CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "92829B90-6F6A-4FAF-85A9-731D4F3212C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC6CED6-002B-4C69-A700-70FE667BAB9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84852A-1153-46A7-9B82-D05F4A6043D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FACC77BE-277F-47F9-B50A-2E9CF5D4A965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB401046-E029-4CD1-A937-E9E70A081BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "453891B9-C354-461F-97FA-330165B92255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED700CB5-6896-41D1-ABEF-98FC159940F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B559C62F-88A7-42D3-9629-9F5CAD43F8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E33A069-8301-4AD5-BDD3-8371DA394EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6093302F-EE5E-4B62-8A23-D5D961C79874",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0EB6A60B-69A5-4659-B8DC-9BC8A2ED9CD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0.2.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7BAB55DF-D6DE-48EC-9AE3-478E49137339",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AC89D14C-4E08-475C-953C-D85A9EDFFEC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4E604B-6C0D-474F-A3A9-B07EF0A7D2E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8667E51F-86A9-4181-8FCC-BECC6F50913B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA52C2C2-64C3-40BA-86A1-C4A14BEB8CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2A9B45B4-47D3-4803-9BDF-783E7CD3A522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2C84E349-48A8-4800-A300-AACEC8659656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "323353FE-7ECD-4668-BDB1-3E5CA8F3F9A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4237F0-BE51-4FCD-9CF1-83E54723390A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B33627F4-3E7D-4181-8171-2B65F8C60E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C4FB153-9C3F-4E22-BB42-D99793D4920F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C8975840-9843-4034-BBED-B31A9BA16DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A39665-BB49-4135-9850-8CF9E69546FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2764001-8B54-47AD-A265-0C0B0F691A15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "41B5ED54-BAF4-41B3-8B09-F9795AB7A18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2EA2727-2F53-470F-AF58-1B33B7A5B7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18BFD76C-1BB0-4227-AD6E-D6CBC426900B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "390EFE5A-C0D0-4BC0-9B27-3D8D3039A651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C0CBCA0-A0D1-4B0D-ABA5-2DF86294259C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49EB78D7-01BA-4903-A7F7-F12608112E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34DC1C91-85DC-440C-8928-990496D74F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62770611-5C6E-487F-A21D-5BA839466CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7210473-5E57-47A3-ADDE-9E8C4B3121B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2CFD69-2241-4065-8BE2-F654B640EED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73D7AA72-29C3-45FB-87EF-D9AD087774FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52AB4EEE-706E-4CB0-B805-63F514A6073E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3E2494-5BAE-425B-8F32-A4D2532B10C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0C29E8-E7CA-4C96-B32F-695808B99AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6AA38C05-F2C0-435E-B4CC-4CF2C9733CFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BED1AEB7-AD53-463F-86F1-FD66F29672BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "26FA45BE-C7AB-429C-A0A3-928BEC3E78E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5_fips:*:*:*:*:*:*:*",
"matchCriteriaId": "61ECB215-482D-4E47-A1CE-169ADE17812B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "4C6B754E-B3FB-4ECA-A166-B3C4AB900573",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E121A29C-C1EB-47F9-B220-5B5C9EFA9A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "3D9B1EAF-ED2D-4B3A-9EB7-5FEB9E6B684C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5_fips:*:*:*:*:*:*:*",
"matchCriteriaId": "0F843A2C-2FC8-44E0-84C0-E20186A979CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "62C654BD-6BD7-47C1-9C6D-B488A10ABDC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "957E3BDA-D69B-4FD8-B72A-E8D7C3AB5833",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "50411FCF-8173-458D-B18A-4F7DE7E81A3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5_fips:*:*:*:*:*:*:*",
"matchCriteriaId": "015C96B0-1B89-4ECA-B1BB-AEFFC398088C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A313CB63-641A-4984-88ED-FBAEB44AE0F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BE456956-255F-4BA6-B830-356512B5D2C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E61851FB-AC6F-4E56-8CA8-F8CE97D65364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "99255D3E-41FF-4D2F-A11B-9563997F4110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle Databases running on Windows XP with Simple File Sharing enabled, allows remote attackers to bypass authentication by supplying a valid username."
}
],
"id": "CVE-2005-3641",
"lastModified": "2024-11-21T00:02:19.423",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-16T21:22:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ngssoftware.com/papers/database-on-xp.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15450"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84852A-1153-46A7-9B82-D05F4A6043D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43116210-05B8-4241-9EC3-7697014A69A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359418-31C5-4FCA-AA93-83AF15D3199A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF5BE7D-BB10-43E5-8910-626CB6032D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function."
}
],
"id": "CVE-2003-0096",
"lastModified": "2024-11-20T23:43:56.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104549743326864\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104549782327321\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104550346303295\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/11325.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/11326.php"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11327.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/663786"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/743954"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/840666"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/advisories/ora-bfilebo.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6847"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6848"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0073.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0075.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0083.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104549743326864\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104549782327321\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104550346303295\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert48.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert49.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert50.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/11325.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/11326.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11327.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/663786"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/743954"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/840666"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/advisories/ora-bfilebo.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/advisories/ora-tmstmpbo.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/advisories/ora-tzofstbo.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6850"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-07-21 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8C65AE-EF3B-4B02-B260-B32FB674956D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "795F83D5-953C-4BBF-896F-DBDAB813BAE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data."
}
],
"id": "CVE-2001-0516",
"lastModified": "2024-11-20T23:35:33.050",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-07-21T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-11 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| apache | http_server | 1.3 | |
| apache | http_server | 1.3.1 | |
| apache | http_server | 1.3.3 | |
| apache | http_server | 1.3.4 | |
| apache | http_server | 1.3.6 | |
| apache | http_server | 1.3.9 | |
| apache | http_server | 1.3.11 | |
| apache | http_server | 1.3.12 | |
| apache | http_server | 1.3.14 | |
| apache | http_server | 1.3.17 | |
| apache | http_server | 1.3.18 | |
| apache | http_server | 1.3.19 | |
| apache | http_server | 1.3.20 | |
| apache | http_server | 1.3.22 | |
| apache | http_server | 1.3.23 | |
| apache | http_server | 1.3.24 | |
| apache | http_server | 1.3.25 | |
| apache | http_server | 1.3.26 | |
| oracle | application_server | 1.0.2 | |
| oracle | application_server | 1.0.2.1s | |
| oracle | application_server | 1.0.2.2 | |
| oracle | application_server | 9.0.2 | |
| oracle | application_server | 9.0.2 | |
| oracle | application_server | 9.0.2.1 | |
| oracle | database_server | 8.1.7 | |
| oracle | database_server | 9.2.2 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7.0.0_enterprise | |
| oracle | oracle8i | 8.1.7.1 | |
| oracle | oracle8i | 8.1.7.1.0_enterprise |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "28EC1F94-04F3-490A-8324-1EB60EEBAD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30D94958-0D13-4076-B6F0-61D505136789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B22DA22E-54DA-46CF-B3AE-4B0900D8086A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F496A-5D57-448F-A46F-E15F06CBFD01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "89B58983-633F-4D20-80AE-8E7EB865CF83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "19C8989C-D8A6-4AE9-99B6-F2DAE5999EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6EE0E2-D608-4E72-A0E5-F407511405C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "33FD6791-3B84-40CA-BCF4-B5637B172F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDD2F69-CFD4-4DEA-B43A-1337EEFA95A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0A80B17D-FD66-40BD-9ADC-FE7A3944A696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "713ADED4-CBE5-40C3-A128-99CFABF24560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "70FA0B8E-1A90-4939-871A-38B9E93BCCC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "83BDEAE5-29B9-48E3-93FA-F30832044C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A2720E06-1B0E-4BFE-8C85-A17E597BB151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE1DECF-36C7-4968-8B7A-7A2034C2A957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B67BD173-8517-4E97-BC65-D9657C63601A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B392A96F-FD2F-4073-8EED-EB31E1F20FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E130104B-86F5-411E-8AC0-9B4B780BCA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6F28FD-6EAD-4EDD-B9A1-0B120D0F0919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "0C57D5C2-EEFC-432B-BAF6-57984578186C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED700CB5-6896-41D1-ABEF-98FC159940F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359418-31C5-4FCA-AA93-83AF15D3199A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.0.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "A42CA4B3-410B-401C-98A7-A20348BAB97B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7D907B-CABC-40ED-8ABD-C4C659550EB6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response."
},
{
"lang": "es",
"value": "Desbordamientos de b\u00fafer en el programa de soporte ApacheBench (ab.c) en Apache anteriores a 1.3.27, y Apache 2.x anteriores a 2.0.43, permite a un servidor web malicioso causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario mediante una respuesta larga."
}
],
"id": "CVE-2002-0843",
"lastModified": "2024-11-20T23:40:00.543",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-11T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/21425"
},
{
"source": "cve@mitre.org",
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY87070\u0026apar=only"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/10281.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5887"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5995"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5996"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/3263"
},
{
"source": "cve@mitre.org",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2871"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/21425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www-1.ibm.com/support/search.wss?rs=0\u0026q=IY87070\u0026apar=only"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/10281.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5995"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/3263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18\u0026ID=2871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Fixed in Apache HTTP Server 1.3.27:\nhttp://httpd.apache.org/security/vulnerabilities_13.html",
"lastModified": "2008-07-02T00:00:00",
"organization": "Apache"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:49
Severity ?
Summary
Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | oracle8i | enterprise_8.1.7.4 | |
| oracle | oracle8i | standard_8.1.7.4 | |
| oracle | oracle9i | enterprise_9.0.1.4 | |
| oracle | oracle9i | enterprise_9.0.1.5 | |
| oracle | oracle9i | enterprise_9.2.0.3 | |
| oracle | oracle9i | enterprise_9.2.0.4 | |
| oracle | oracle9i | personal_9.0.1.4 | |
| oracle | oracle9i | personal_9.0.1.5 | |
| oracle | oracle9i | personal_9.2.0.3 | |
| oracle | oracle9i | personal_9.2.0.4 | |
| oracle | oracle9i | standard_9.0.1.4 | |
| oracle | oracle9i | standard_9.0.1.5 | |
| oracle | oracle9i | standard_9.2.0.3 | |
| oracle | oracle9i | standard_9.2.0.4 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3E2494-5BAE-425B-8F32-A4D2532B10C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "26FA45BE-C7AB-429C-A0A3-928BEC3E78E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument."
}
],
"id": "CVE-2004-0638",
"lastModified": "2024-11-20T23:49:02.493",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.5,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 6.8,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=135\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11100"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2004-09/0178.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=135\u0026type=vulnerabilities\u0026flashstatus=false"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.red-database-security.com/advisory/advisory_20040903_3.htm"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/11100"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17254"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-09-02 04:00
Modified
2024-11-20 23:49
Severity ?
Summary
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://secunia.com/advisories/12409/ | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.idefense.com/application/poi/display?id=136&type=vulnerabilities&flashstatus=true | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/316206 | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.securityfocus.com/bid/11099 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/12409/ | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.idefense.com/application/poi/display?id=136&type=vulnerabilities&flashstatus=true | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/316206 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/11099 |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible."
}
],
"id": "CVE-2004-0637",
"lastModified": "2024-11-20T23:49:02.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-09-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12409/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=136\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/11099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12409/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=136\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/11099"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-18 11:03
Modified
2024-11-21 00:06
Severity ?
Summary
Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B559C62F-88A7-42D3-9629-9F5CAD43F8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA52C2C2-64C3-40BA-86A1-C4A14BEB8CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B33627F4-3E7D-4181-8171-2B65F8C60E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "41B5ED54-BAF4-41B3-8B09-F9795AB7A18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3E2494-5BAE-425B-8F32-A4D2532B10C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "26FA45BE-C7AB-429C-A0A3-928BEC3E78E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "397FC5F3-27E7-4BD7-9348-E671640327FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Upgrade \u0026 Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE: details are unavailable from Oracle, but they have not publicly disputed a claim by a reliable independent researcher that states that the problem is SQL injection in the DBMS_REGISTRY package in certain parameters to the (1) IS_COMPONENT, (2) GET_COMP_OPTION, (3) DISABLE_DDL_TRIGGERS, (4) SCRIPT_EXISTS, (5) COMP_PATH, (6) GATHER_STATS, (7) NOTHING_SCRIPT, and (8) VALIDATE_COMPONENTS functions."
}
],
"id": "CVE-2006-0271",
"lastModified": "2024-11-21T00:06:04.250",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-18T11:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18493"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18608"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015499"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22566"
},
{
"source": "cve@mitre.org",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.red-database-security.com/advisory/oracle_cpu_jan_2006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-12-19 05:00
Modified
2024-11-20 23:33
Severity ?
Summary
Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | internet_directory | 2.0.6 | |
| oracle | oracle8i | 8.1.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:internet_directory:2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58CD5369-4262-421D-BC2C-C3E9986A5471",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC58370-C10D-4559-81C8-C67B64EE2502",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long \"connect\" command line parameter."
}
],
"id": "CVE-2000-0987",
"lastModified": "2024-11-20T23:33:44.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-12-19T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/140340"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/140709"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5401"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/140340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/archive/1/140709"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5401"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-01-09 05:00
Modified
2024-11-20 23:34
Severity ?
Summary
Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42AF8B37-C5AA-4B92-A565-214A677C3486",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument."
}
],
"id": "CVE-2000-1180",
"lastModified": "2024-11-20T23:34:11.580",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-01-09T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=97474521003453\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1968"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=97474521003453\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/1968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5551"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-02-04 11:02
Modified
2024-11-21 00:06
Severity ?
Summary
Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:10g_enterprise_manager_grid_control:10.1_.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "916550D9-3EFA-40D6-BB9E-39B07EF745CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:10g_enterprise_manager_grid_control:10.1_.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "187A6276-9004-4D45-B9B5-FFECABC48CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "117EF4D2-3EA8-410E-8721-31C3C41A7B56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D809B0B7-70EF-47C5-B91F-923E999CA7FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D94B7D50-4527-4C14-8A50-D4C0566F36BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2.0.0:r2:*:*:*:*:*:*",
"matchCriteriaId": "FE7CAAFD-C15A-4124-933F-C6CCFF35BB06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FB8F5AAE-0365-4E01-AB04-CDC6D58B00B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2.0.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "58B58DAF-FDF2-4A07-97E1-3CDE2A84670E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F0B4BAA9-D045-4D2B-8220-47F47ED936DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "A4C5E780-C03A-46DB-85A2-2471AF377206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:10.1.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FE6C4D36-D9D1-4143-94AA-D8E08F23D2E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:9.0.4.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "3341ECC8-1E5F-4436-B056-9CA2BAF659E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:10.1.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "1B8347DA-6C8E-4AFB-BBB1-A34F1339F5B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:10.1.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "98A6CD5A-A66F-4A07-B4FC-09B71B776CEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84852A-1153-46A7-9B82-D05F4A6043D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FACC77BE-277F-47F9-B50A-2E9CF5D4A965",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B559C62F-88A7-42D3-9629-9F5CAD43F8B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:developer_suite:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "831A8D0C-6ABC-43EB-A762-526ED2620C14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:developer_suite:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D276CCCB-3975-496A-B97B-C155BFA7E959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:developer_suite:9.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E85E0292-DF98-4EA4-8DCE-3C94E94A12EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:developer_suite:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "94034D25-B0BA-4B4F-89F3-50227D75B8C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C9B1BE09-4A96-41A3-AA1D-74533F396998",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterpriseone:8.95.f1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D118CD-2C73-4AC8-9028-C828262507F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterpriseone:sp23_l1:*:*:*:*:*:*:*",
"matchCriteriaId": "780466DC-6192-4BC0-B1A7-18C70AC4A276",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CD4E604B-6C0D-474F-A3A9-B07EF0A7D2E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AA52C2C2-64C3-40BA-86A1-C4A14BEB8CCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "323353FE-7ECD-4668-BDB1-3E5CA8F3F9A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B33627F4-3E7D-4181-8171-2B65F8C60E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0A39665-BB49-4135-9850-8CF9E69546FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "41B5ED54-BAF4-41B3-8B09-F9795AB7A18A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D2EA2727-2F53-470F-AF58-1B33B7A5B7EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0EAD20B6-258F-4093-BEE0-99F11D61A61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8B900301-8AC5-43BD-BD2B-639419885820",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CA3E2494-5BAE-425B-8F32-A4D2532B10C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC0C29E8-E7CA-4C96-B32F-695808B99AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "26FA45BE-C7AB-429C-A0A3-928BEC3E78E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5_fips:*:*:*:*:*:*:*",
"matchCriteriaId": "61ECB215-482D-4E47-A1CE-169ADE17812B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E61851FB-AC6F-4E56-8CA8-F8CE97D65364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "397FC5F3-27E7-4BD7-9348-E671640327FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_portal:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1146E890-0911-4BFB-A1C2-6E158C8EA0A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_portal:8.8:*:*:*:*:*:*:*",
"matchCriteriaId": "B19179B0-0048-43D8-B632-66B4788AB1FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_portal:8.9:*:*:*:*:*:*:*",
"matchCriteriaId": "98E19B32-0C02-4E53-AAD4-B95FB6CA7D36",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:workflow:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ABD884F9-1511-4221-A1C7-3B18076222A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:workflow:11.5.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C3C6DF37-B648-445C-B17A-D232B35DD639",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the Net Listener component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, and 9.2.0.7 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB11."
}
],
"id": "CVE-2006-0552",
"lastModified": "2024-11-21T00:06:43.807",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-02-04T11:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/18493"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18608"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015499"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"source": "cve@mitre.org",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22549"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/18493"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015499"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/545804"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/16287"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0243"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24321"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-07-21 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9459AC46-5095-4EEF-BD8B-4BBA3A5CE7B4",
"versionEndIncluding": "8.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension."
}
],
"id": "CVE-2001-0498",
"lastModified": "2024-11-20T23:35:30.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-07-21T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.nai.com/research/covert/advisories/049.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nai.com/research/covert/advisories/049.asp"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-03-03 05:00
Modified
2024-11-20 23:43
Severity ?
Summary
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84852A-1153-46A7-9B82-D05F4A6043D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43116210-05B8-4241-9EC3-7697014A69A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359418-31C5-4FCA-AA93-83AF15D3199A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF5BE7D-BB10-43E5-8910-626CB6032D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP."
}
],
"id": "CVE-2003-0095",
"lastModified": "2024-11-20T23:43:56.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-03-03T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=104549693426042\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11328.php"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/953746"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6319"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/6849"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=104549693426042\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2003-05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/n-046.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/11328.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/953746"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/6849"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://marc.info/?l=bugtraq&m=101301813117562&w=2 | ||
| cve@mitre.org | http://www.cert.org/advisories/CA-2002-08.html | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/476619 | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.nextgenss.com/papers/hpoas.pdf | ||
| cve@mitre.org | http://www.securityfocus.com/bid/4290 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=101301813117562&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2002-08.html | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/476619 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.nextgenss.com/papers/hpoas.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4290 | Vendor Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle 9i Application Server stores XSQL and SOAP configuration files insecurely, which allows local users to obtain sensitive information including usernames and passwords by requesting (1) XSQLConfig.xml or (2) soapConfig.xml through a virtual directory."
}
],
"id": "CVE-2002-0568",
"lastModified": "2024-11-20T23:39:23.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/476619"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/476619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4290"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.cert.org/advisories/CA-2002-08.html | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/805915 | US Government Resource | |
| cve@mitre.org | http://www.securityfocus.com/bid/4037 | Patch, Vendor Advisory | |
| cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/8099 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2002-08.html | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/805915 | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/4037 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/8099 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2 | |
| oracle | application_server_web_cache | 2.0.0.0 | |
| oracle | application_server_web_cache | 2.0.0.1 | |
| oracle | application_server_web_cache | 2.0.0.2 | |
| oracle | application_server_web_cache | 2.0.0.3 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7_.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B34A419-42C2-44FC-84C7-65699BA07120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11D27BB6-DFA0-4CB7-B546-0E00C096BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type."
}
],
"id": "CVE-2002-0566",
"lastModified": "2024-11-20T23:39:22.863",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/805915"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4037"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8099"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/805915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8099"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-07-21 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC58370-C10D-4559-81C8-C67B64EE2502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0."
}
],
"id": "CVE-2001-0517",
"lastModified": "2024-11-20T23:35:33.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-07-21T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5590"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6715"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5590"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xforce.iss.net/alerts/advise82.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6715"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-28 05:00
Modified
2024-11-20 23:40
Severity ?
Summary
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | oracle8i | 8.1.5 | |
| oracle | oracle8i | 8.1.5.0.0_enterprise | |
| oracle | oracle8i | 8.1.5.0.2_enterprise | |
| oracle | oracle8i | 8.1.5.1.0_enterprise | |
| oracle | oracle8i | 8.1.6 | |
| oracle | oracle8i | 8.1.6.0.0_enterprise | |
| oracle | oracle8i | 8.1.6.1.0_enterprise | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7.0.0_enterprise | |
| oracle | oracle8i | 8.1.7.1 | |
| oracle | oracle8i | 8.1.7.1.0_enterprise | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 | |
| oracle | oracle9i | 9.0.1.2 | |
| oracle | oracle9i | 9.0.1_3 | |
| oracle | oracle9i | 9.0.2 | |
| oracle | oracle9i | release_2_9.2.1 | |
| oracle | oracle9i | release_2_9.2.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42AF8B37-C5AA-4B92-A565-214A677C3486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5.0.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "7D6E1F05-FE4C-4657-8C9B-A3719A270B02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5.0.2_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "A2DFCB53-E8AC-4EAC-877B-9EBFAF10FEE0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5.1.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "2A6E382C-1CBF-481C-9CFA-8EAA3579C269",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC58370-C10D-4559-81C8-C67B64EE2502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.6.0.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "4BF058A9-6CB7-4529-B4CE-FAD3E9F875DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.6.1.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "689A1890-747E-4E3D-94CE-5CEF37A64ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.0.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "A42CA4B3-410B-401C-98A7-A20348BAB97B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "2C7D907B-CABC-40ED-8ABD-C4C659550EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1_3:*:*:*:*:*:*:*",
"matchCriteriaId": "1AD638E3-B54A-44E8-A82D-721D6D211D02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:release_2_9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A742D865-D856-4E44-8C18-82A40E2D85D8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:release_2_9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C7C190DB-8DA7-4858-A646-A62567AFF689",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command."
},
{
"lang": "es",
"value": "El escuchador TNS en Oracle Net Services de Oracle 9i 9.2.x y 9.0.x, y Oracle 8i 8.1.x, permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue o ca\u00edda) mediante un comando SERVICE_CURLOAD."
}
],
"id": "CVE-2002-1118",
"lastModified": "2024-11-20T23:40:38.260",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-28T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10283.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5678"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.iss.net/security_center/static/10283.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5678"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://marc.info/?l=bugtraq&m=101301813117562&w=2 | ||
| cve@mitre.org | http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.cert.org/advisories/CA-2002-08.html | US Government Resource | |
| cve@mitre.org | http://www.kb.cert.org/vuls/id/193523 | Patch, Third Party Advisory, US Government Resource | |
| cve@mitre.org | http://www.nextgenss.com/papers/hpoas.pdf | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=101301813117562&w=2 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.cert.org/advisories/CA-2002-08.html | US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/193523 | Patch, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.nextgenss.com/papers/hpoas.pdf |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2 | |
| oracle | application_server_web_cache | 2.0.0.0 | |
| oracle | application_server_web_cache | 2.0.0.1 | |
| oracle | application_server_web_cache | 2.0.0.2 | |
| oracle | application_server_web_cache | 2.0.0.3 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B34A419-42C2-44FC-84C7-65699BA07120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to bypass authentication for a Database Access Descriptor (DAD) by modifying the URL to reference an alternate DAD that already has valid credentials."
}
],
"id": "CVE-2002-0564",
"lastModified": "2024-11-20T23:39:22.610",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/193523"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/193523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with "%FF" encoded sequences that are improperly converted to "Y" characters.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures via an encoded URL with \"%FF\" encoded sequences that are improperly converted to \"Y\" characters."
}
],
"id": "CVE-2004-1362",
"lastModified": "2024-11-20T23:50:41.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382306006205\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004G.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382306006205\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/435974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004G.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18657"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-05-03 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | release_1.0.2.0.1 | |
| oracle | oracle8i | 8.1.7_r3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:release_1.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9828D52-C006-4276-8ED2-94C17B6D5D0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7_r3:*:*:*:*:*:*:*",
"matchCriteriaId": "C5ECD4E2-7228-4E78-A3B7-C22D931BE572",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the \u003c\u003cALL FILES\u003e\u003e FilePermission."
}
],
"id": "CVE-2001-0326",
"lastModified": "2024-11-20T23:35:07.573",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-05-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/5706"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/5706"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6438"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | database_server | 8.0.1 | |
| oracle | database_server | 8.0.2 | |
| oracle | database_server | 8.0.3 | |
| oracle | database_server | 8.0.4 | |
| oracle | database_server | 8.0.5 | |
| oracle | database_server | 8.0.5.1 | |
| oracle | database_server | 8.0.6 | |
| oracle | database_server | 8.1.5 | |
| oracle | database_server | 8.1.6 | |
| oracle | database_server | 8.1.7 | |
| oracle | database_server | 8.1.7.0.0 | |
| oracle | oracle8i | 8.1.5 | |
| oracle | oracle8i | 8.1.6 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7.1 | |
| oracle | oracle8i | enterprise_8.0.5.0.0 | |
| oracle | oracle8i | enterprise_8.0.6.0.0 | |
| oracle | oracle8i | enterprise_8.0.6.0.1 | |
| oracle | oracle8i | enterprise_8.1.5.0.0 | |
| oracle | oracle8i | enterprise_8.1.5.0.2 | |
| oracle | oracle8i | enterprise_8.1.5.1.0 | |
| oracle | oracle8i | enterprise_8.1.6.0.0 | |
| oracle | oracle8i | enterprise_8.1.6.1.0 | |
| oracle | oracle8i | enterprise_8.1.7.0.0 | |
| oracle | oracle8i | enterprise_8.1.7.1.0 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3104552F-31AD-4CBE-8F6E-5E410D2F9EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3651861-9C23-4AB1-B795-E44C912B8AB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F232E30-578B-440E-98FE-A52FF171F11E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E7675AD-40A0-4BC5-9823-3AC330EE95CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "92829B90-6F6A-4FAF-85A9-731D4F3212C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC6CED6-002B-4C69-A700-70FE667BAB9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84852A-1153-46A7-9B82-D05F4A6043D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB401046-E029-4CD1-A937-E9E70A081BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "453891B9-C354-461F-97FA-330165B92255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED700CB5-6896-41D1-ABEF-98FC159940F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB365BBC-9611-4F6A-99B3-09FEA903E618",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42AF8B37-C5AA-4B92-A565-214A677C3486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC58370-C10D-4559-81C8-C67B64EE2502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "18BFD76C-1BB0-4227-AD6E-D6CBC426900B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "390EFE5A-C0D0-4BC0-9B27-3D8D3039A651",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C0CBCA0-A0D1-4B0D-ABA5-2DF86294259C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "49EB78D7-01BA-4903-A7F7-F12608112E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34DC1C91-85DC-440C-8928-990496D74F75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "62770611-5C6E-487F-A21D-5BA839466CA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F7210473-5E57-47A3-ADDE-9E8C4B3121B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CA2CFD69-2241-4065-8BE2-F654B640EED8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73D7AA72-29C3-45FB-87EF-D9AD087774FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52AB4EEE-706E-4CB0-B805-63F514A6073E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process."
}
],
"id": "CVE-2002-0567",
"lastModified": "2024-11-20T23:39:23.007",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101301332402079\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/180147"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4033"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101301332402079\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/180147"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4033"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8089"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-10-11 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "28EC1F94-04F3-490A-8324-1EB60EEBAD4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30D94958-0D13-4076-B6F0-61D505136789",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B22DA22E-54DA-46CF-B3AE-4B0900D8086A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F496A-5D57-448F-A46F-E15F06CBFD01",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "89B58983-633F-4D20-80AE-8E7EB865CF83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "19C8989C-D8A6-4AE9-99B6-F2DAE5999EB6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7B6EE0E2-D608-4E72-A0E5-F407511405C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "33FD6791-3B84-40CA-BCF4-B5637B172F2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "6DDD2F69-CFD4-4DEA-B43A-1337EEFA95A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0A80B17D-FD66-40BD-9ADC-FE7A3944A696",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "713ADED4-CBE5-40C3-A128-99CFABF24560",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "70FA0B8E-1A90-4939-871A-38B9E93BCCC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*",
"matchCriteriaId": "83BDEAE5-29B9-48E3-93FA-F30832044C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*",
"matchCriteriaId": "A2720E06-1B0E-4BFE-8C85-A17E597BB151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE1DECF-36C7-4968-8B7A-7A2034C2A957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*",
"matchCriteriaId": "B67BD173-8517-4E97-BC65-D9657C63601A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*",
"matchCriteriaId": "B392A96F-FD2F-4073-8EED-EB31E1F20FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*",
"matchCriteriaId": "E130104B-86F5-411E-8AC0-9B4B780BCA00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "163A6EF6-7D3F-4B1F-9E03-A8C86562CC3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "EB477AFB-EA39-4892-B772-586CF6D2D235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "B35906CD-038E-4243-8A95-F0A3A43F06F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "B940BB85-03F5-46D7-8DC9-2E1E228D3D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "82139FFA-2779-4732-AFA5-4E6E19775899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F717E6-BACD-4C8A-A9C5-516ADA6FEE6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "08AB120B-2FEC-4EB3-9777-135D81E809AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "1C7FF669-12E0-4A73-BBA7-250D109148C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB7B1F1-7202-445D-9F96-135DC0AFB1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB7EE53-187E-40A9-9865-0F3EDA2B5A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "9D06AE8A-9BA8-4AA8-ACEA-326CD001E879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6F28FD-6EAD-4EDD-B9A1-0B120D0F0919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:r2:*:*:*:*:*:*",
"matchCriteriaId": "0C57D5C2-EEFC-432B-BAF6-57984578186C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED700CB5-6896-41D1-ABEF-98FC159940F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43116210-05B8-4241-9EC3-7697014A69A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359418-31C5-4FCA-AA93-83AF15D3199A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7_.0.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "BCA4CCED-0943-4212-BAC9-23BF51208A3B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7_.1.0_enterprise:*:*:*:*:*:*:*",
"matchCriteriaId": "744F8147-0857-4E9F-BCA4-D24A06F82B06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF5BE7D-BB10-43E5-8910-626CB6032D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is \"Off\" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157."
},
{
"lang": "es",
"value": "Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la p\u00e1gina de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el par\u00e1metro UseCanonicalName est\u00e1 desactivado, y est\u00e1 presente el soporte para comodines DNS, permite a atacantes ejecutar comandos como otro visitante de la p\u00e1gina mediante la cabecera Host:"
}
],
"id": "CVE-2002-0840",
"lastModified": "2024-11-20T23:39:59.660",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-10-11T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html"
},
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103357160425708\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/240329"
},
{
"source": "cve@mitre.org",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/862"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-222.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2002-251.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2003-106.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5847"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10241"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=apache-httpd-announce\u0026m=103367938230488\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103357160425708\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=103376585508776\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://online.securityfocus.com/advisories/4617"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.apacheweek.com/issues/02-10-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2002/dsa-187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2002/dsa-188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2002/dsa-195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/240329"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.linuxsecurity.com/advisories/other_advisory-2414.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-222.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-243.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-244.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-248.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2002-251.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2003-106.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5847"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/10241"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Fixed in Apache HTTP Server 2.0.43 and 1.3.27:\nhttp://httpd.apache.org/security/vulnerabilities_20.html\nhttp://httpd.apache.org/security/vulnerabilities_13.html",
"lastModified": "2008-07-02T00:00:00",
"organization": "Apache"
}
],
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory."
}
],
"id": "CVE-2004-1369",
"lastModified": "2024-11-20T23:50:42.867",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382524401468\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004F.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18664"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382524401468\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004F.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18664"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2 | |
| oracle | application_server_web_cache | 2.0.0.0 | |
| oracle | application_server_web_cache | 2.0.0.1 | |
| oracle | application_server_web_cache | 2.0.0.2 | |
| oracle | application_server_web_cache | 2.0.0.3 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7_.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B34A419-42C2-44FC-84C7-65699BA07120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "11D27BB6-DFA0-4CB7-B546-0E00C096BF37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration of the PL/SQL Gateway web administration interface in Oracle 9i Application Server 1.0.2.x uses null authentication, which allows remote attackers to gain privileges and modify DAD settings."
}
],
"id": "CVE-2002-0561",
"lastModified": "2024-11-20T23:39:22.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/611776"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=101301813117562\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/611776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4292"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2000-03-05 05:00
Modified
2024-11-20 23:31
Severity ?
Summary
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42AF8B37-C5AA-4B92-A565-214A677C3486",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges."
}
],
"id": "CVE-2000-0206",
"lastModified": "2024-11-20T23:31:57.767",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2000-03-05T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/1035"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/1035"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges."
}
],
"id": "CVE-2004-1366",
"lastModified": "2024-11-20T23:50:42.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/archive/1/385323"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.securityfocus.com/archive/1/385323"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18661"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-255"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-09-05 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC8C65AE-EF3B-4B02-B260-B32FB674956D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "795F83D5-953C-4BBF-896F-DBDAB813BAE2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a default dbsnmp password, which allows attackers to perform restricted database operations and possibly gain other privileges."
},
{
"lang": "es",
"value": "catsnmp en Oracle 9i y 8i se instala con un usario dbsnmp con una contrase\u00f1a por defecto, lo que permite a atacantes realizar operac\u00edones restringidadas en la base de datos y posiblemente ganar otros privilegios."
}
],
"id": "CVE-2002-0858",
"lastModified": "2024-11-20T23:40:02.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-09-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102918005402808\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://www.iss.net/security_center/static/9932.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/9476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102918005402808\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.iss.net/security_center/static/9932.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/9476"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT."
}
],
"id": "CVE-2004-1370",
"lastModified": "2024-11-20T23:50:43.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382596129607\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004H.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18665"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382596129607\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004H.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18665"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-05-12 04:00
Modified
2024-11-20 23:44
Severity ?
Summary
Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a "CREATE DATABASE LINK" query containing a connect string with a long USING parameter.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | database_server | 7.3.3 | |
| oracle | database_server | 7.3.4 | |
| oracle | database_server | 8.0.1 | |
| oracle | database_server | 8.0.2 | |
| oracle | database_server | 8.0.3 | |
| oracle | database_server | 8.0.4 | |
| oracle | database_server | 8.0.5 | |
| oracle | database_server | 8.0.5.1 | |
| oracle | database_server | 8.0.6 | |
| oracle | database_server | 8.1.5 | |
| oracle | database_server | 8.1.6 | |
| oracle | database_server | 8.1.7 | |
| oracle | database_server | 9.2.1 | |
| oracle | database_server | 9.2.2 | |
| oracle | oracle8i | 8.0.6 | |
| oracle | oracle8i | 8.0.6.3 | |
| oracle | oracle8i | 8.0x | |
| oracle | oracle8i | 8.1.5 | |
| oracle | oracle8i | 8.1.6 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7.1 | |
| oracle | oracle8i | 8.1.7.4 | |
| oracle | oracle8i | 8.1x | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 | |
| oracle | oracle9i | 9.0.1.2 | |
| oracle | oracle9i | 9.0.1.3 | |
| oracle | oracle9i | 9.0.1.4 | |
| oracle | oracle9i | 9.0.2 | |
| oracle | oracle9i | 9.2.0.1 | |
| oracle | oracle9i | 9.2.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE5CF5D-4649-4E3A-9328-47224065384F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE07BAF7-3A9A-426B-9536-72EAB8984A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3104552F-31AD-4CBE-8F6E-5E410D2F9EFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3651861-9C23-4AB1-B795-E44C912B8AB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F232E30-578B-440E-98FE-A52FF171F11E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E7675AD-40A0-4BC5-9823-3AC330EE95CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "92829B90-6F6A-4FAF-85A9-731D4F3212C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6EC6CED6-002B-4C69-A700-70FE667BAB9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "9C84852A-1153-46A7-9B82-D05F4A6043D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB401046-E029-4CD1-A937-E9E70A081BF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "453891B9-C354-461F-97FA-330165B92255",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED700CB5-6896-41D1-ABEF-98FC159940F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "43116210-05B8-4241-9EC3-7697014A69A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BA359418-31C5-4FCA-AA93-83AF15D3199A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "06DFEC36-C9D3-42C3-8686-4EB2C9728B89",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.0.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "20080479-4A8C-4C12-B7E0-46802804719D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.0x:*:*:*:*:*:*:*",
"matchCriteriaId": "90E55590-6728-49CC-9635-C3580DDD7A5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42AF8B37-C5AA-4B92-A565-214A677C3486",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC58370-C10D-4559-81C8-C67B64EE2502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "C6CC9E21-8D32-400F-A1C9-F270C28A8D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1x:*:*:*:*:*:*:*",
"matchCriteriaId": "6A134A96-A2EA-43C3-962B-5395FC62571A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8F012561-EA9E-4665-AD81-0AC7655BA22A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FEF5BE7D-BB10-43E5-8910-626CB6032D64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA959EE-44EE-4B81-B7D3-E1C4B9B29FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "330BE6F7-144F-4188-84A4-6597AED71024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79C42FED-8E75-4AAD-9870-CD16508DDF86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34E38EFA-AEFB-4B9E-913C-FFE3C2DABFC7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in Oracle Net Services for Oracle Database Server 9i release 2 and earlier allows attackers to execute arbitrary code via a \"CREATE DATABASE LINK\" query containing a connect string with a long USING parameter."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en la pila en Oracle Net Sevices de Oracle Database Server 9i release 2 y anteriores permite a atacantes ejecutar c\u00f3digo arbitrario mediante una consulta \"CREATE DATABASE LINK\" conteniendo una cadena de conexi\u00f3n con un par\u00e1metro USING largo."
}
],
"id": "CVE-2003-0222",
"lastModified": "2024-11-20T23:44:15.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-05-12T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105162831008176\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105163376015735\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.ciac.org/ciac/bulletins/n-085.shtml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7453"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105162831008176\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105163376015735\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert54.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ciac.org/ciac/bulletins/n-085.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/7453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/11885"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-07-30 04:00
Modified
2024-11-20 23:51
Severity ?
Summary
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.1s:*:*:*:*:*:*:*",
"matchCriteriaId": "6A6F28FD-6EAD-4EDD-B9A1-0B120D0F0919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DC4ED2EB-1E90-4E99-AAD6-5D838800F9B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C0160E00-D722-40CE-976C-77CB91C1B94D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:3.0.9.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB7896F-B5E6-4182-85F0-11A04A16F961",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEBABBB-DC11-4A8B-8C8A-A05D144F11A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3a:*:*:*:*:*:*:*",
"matchCriteriaId": "5C5E7916-B077-4EE8-AD9E-FA118019E035",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_portal:9.0.2.3b:*:*:*:*:*:*:*",
"matchCriteriaId": "F03E1EB3-EB24-4A18-9DA1-AB6243C48221",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3E33A069-8301-4AD5-BDD3-8371DA394EE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C87F621-3405-4754-8112-87078CDC2554",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server_lite:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC67B4E-CCFE-4ACB-B3FF-7A6133219F5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "99255D3E-41FF-4D2F-A11B-9563997F4110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0."
}
],
"id": "CVE-2004-1707",
"lastModified": "2024-11-20T23:51:33.043",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-07-30T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12205"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10829"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=109147677214087\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/12205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16839"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-08-27 04:00
Modified
2024-11-20 23:45
Severity ?
Summary
Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | oracle8i | enterprise_8.1.5_.0.0 | |
| oracle | oracle8i | enterprise_8.1.5_.0.2 | |
| oracle | oracle8i | enterprise_8.1.5_.1.0 | |
| oracle | oracle8i | enterprise_8.1.6_.0.0 | |
| oracle | oracle8i | enterprise_8.1.6_.1.0 | |
| oracle | oracle8i | enterprise_8.1.7_.0.0 | |
| oracle | oracle8i | enterprise_8.1.7_.1.0 | |
| oracle | oracle8i | standard_8.1.5 | |
| oracle | oracle8i | standard_8.1.6 | |
| oracle | oracle8i | standard_8.1.7 | |
| oracle | oracle8i | standard_8.1.7_.0.0 | |
| oracle | oracle8i | standard_8.1.7_.1 | |
| oracle | oracle8i | standard_8.1.7_.4 | |
| oracle | oracle9i | client_9.2.0.1 | |
| oracle | oracle9i | client_9.2.0.2 | |
| oracle | oracle9i | enterprise_9.0.1 | |
| oracle | oracle9i | enterprise_9.2.0.1 | |
| oracle | oracle9i | enterprise_9.2.0.2 | |
| oracle | oracle9i | personal_9.0.1 | |
| oracle | oracle9i | personal_9.2.0.1 | |
| oracle | oracle9i | personal_9.2.0.2 | |
| oracle | oracle9i | standard_9.0 | |
| oracle | oracle9i | standard_9.0.1 | |
| oracle | oracle9i | standard_9.0.1.2 | |
| oracle | oracle9i | standard_9.0.1.3 | |
| oracle | oracle9i | standard_9.0.1.4 | |
| oracle | oracle9i | standard_9.0.2 | |
| oracle | oracle9i | standard_9.2.0.1 | |
| oracle | oracle9i | standard_9.2.0.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Oracle9i Database Release 2 and 1, and Oracle 8i, allows authenticated database users, and arbitrary database users in some cases, to execute arbitrary code via a long library name."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en la pila en EXTPROC de Oracle 9i Database Release 2 y 1, y Oracle 8i, permite a usuarios autenticados de la base de datos, posiblemente s\u00f3lo aquellos con privilegios CREATE LIBRARY o CREATE ANY LIBRARY, ejecutar c\u00f3digo arbitrario mediante un nombre de librer\u00eda largo."
}
],
"id": "CVE-2003-0634",
"lastModified": "2024-11-20T23:45:11.500",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-08-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105914979629857\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=105916455814904\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105915485303327\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/936868"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8267"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12721"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0105.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105914979629857\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=105916455814904\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=ntbugtraq\u0026m=105915485303327\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/2003alert57.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/936868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/8267"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12721"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Oracle 10g Database Server, when installed with a password that contains an exclamation point (\"!\") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password."
}
],
"id": "CVE-2004-1367",
"lastModified": "2024-11-20T23:50:42.547",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382247308064\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382247308064\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004D.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.oracle.com/technology/deploy/security/pdf/2004alert68.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2001-07-21 04:00
Modified
2024-11-20 23:35
Severity ?
Summary
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9459AC46-5095-4EEF-BD8B-4BBA3A5CE7B4",
"versionEndIncluding": "8.1.7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4) TRC_FILE, (5) SAVE_CONFIG, or (6) RELOAD."
}
],
"id": "CVE-2001-0499",
"lastModified": "2024-11-20T23:35:30.940",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2001-07-21T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2001-16.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/620495"
},
{
"source": "cve@mitre.org",
"url": "http://www.nai.com/research/covert/advisories/050.asp"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/2941"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2001-16.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/620495"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nai.com/research/covert/advisories/050.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/2941"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6758"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-08-16 04:00
Modified
2024-11-20 23:29
Severity ?
Summary
dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:7.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8FE5CF5D-4649-4E3A-9328-47224065384F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE07BAF7-3A9A-426B-9536-72EAB8984A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "44F4BD05-8A36-4C17-AA00-01CE12A66137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BF68DBCB-377C-476A-9373-5A85AA20916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F492716-428E-41DF-AC50-1C8A84DBA2DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE91CC68-D396-4437-886C-370D30A771CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42AF8B37-C5AA-4B92-A565-214A677C3486",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script."
}
],
"id": "CVE-1999-0888",
"lastModified": "2024-11-20T23:29:46.603",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-08-16T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/585"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/585"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-09-05 04:00
Modified
2024-11-20 23:40
Severity ?
Summary
Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | database_server | 7.3.4 | |
| oracle | database_server | 9.0 | |
| oracle | database_server | 9.2 | |
| oracle | oracle8i | 8.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:database_server:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE07BAF7-3A9A-426B-9536-72EAB8984A4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC3C795-3914-4941-9244-D4FB9C12C7F9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:database_server:9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3D159781-4109-4A9B-A46B-241021FED68E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "44943278-DF79-4C58-AA98-B3FEA6CB8F21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerabilities in Oracle Listener Control utility (lsnrctl) for Oracle 9.2 and 9.0, 8.1, and 7.3.4, allow remote attackers to execute arbitrary code on the Oracle DBA system by placing format strings into certain entries in the listener.ora configuration file."
},
{
"lang": "es",
"value": "Vulnerabilidad de formato de cadenas en la utilidad Oracle Listener Control (lsnrctl) en Oracle 9.2, 9.0, 8.1 y 7.3.4 permite a atacantes remotos ejecutar c\u00f3digo arbitrario el sitstema Oracle DBA mediante la introducci\u00f3n de cadenas de formato en ciertas entradas en fichero de configuraci\u00f3n listener.ora"
}
],
"id": "CVE-2002-0857",
"lastModified": "2024-11-20T23:40:02.597",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-09-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=102933735716634\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1005037"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/301059"
},
{
"source": "cve@mitre.org",
"url": "http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/5460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=102933735716634\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://otn.oracle.com/deploy/security/pdf/2002alert40rev1.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1005037"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/301059"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ngssoftware.com/advisories/ora-lsnrfmtstr.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/5460"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2002-07-03 04:00
Modified
2024-11-20 23:39
Severity ?
Summary
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | application_server | 1.0.2 | |
| oracle | application_server_web_cache | 2.0.0.0 | |
| oracle | application_server_web_cache | 2.0.0.1 | |
| oracle | application_server_web_cache | 2.0.0.2 | |
| oracle | application_server_web_cache | 2.0.0.3 | |
| oracle | oracle8i | 8.1.7 | |
| oracle | oracle8i | 8.1.7.1 | |
| oracle | oracle9i | 9.0 | |
| oracle | oracle9i | 9.0.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC62E1B2-6964-4459-A1EF-A6A087C2960F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C272DE0-3717-40D0-99A6-2B4108BF85A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4959B7CD-218F-47A3-A604-629B69E1905B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6659ECF3-D355-4357-BB15-DAFA427FCD12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server_web_cache:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7B34A419-42C2-44FC-84C7-65699BA07120",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5E0E5C6A-FFEA-4855-AE5D-65806B6AFA59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F2607015-B358-4963-968C-777E2AE9650D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C2720EA-55FB-40B1-BE58-3E16628DA248",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D9BB176D-7A94-4A91-89FC-9971E19FF7C6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name."
}
],
"id": "CVE-2002-0559",
"lastModified": "2024-11-20T23:39:21.953",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2002-07-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://online.securityfocus.com/archive/1/254426"
},
{
"source": "cve@mitre.org",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/313280"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/659043"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/750299"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/878603"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/923395"
},
{
"source": "cve@mitre.org",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4032"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8095"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8096"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8097"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://online.securityfocus.com/archive/1/254426"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.cert.org/advisories/CA-2002-08.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/313280"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/659043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/750299"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/878603"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/923395"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nextgenss.com/papers/hpoas.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/4032"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8095"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8096"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8097"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/8098"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
1999-04-29 04:00
Modified
2024-11-20 23:29
Severity ?
Summary
The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "44F4BD05-8A36-4C17-AA00-01CE12A66137",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "BF68DBCB-377C-476A-9373-5A85AA20916C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0F492716-428E-41DF-AC50-1C8A84DBA2DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.0.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE91CC68-D396-4437-886C-370D30A771CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "42AF8B37-C5AA-4B92-A565-214A677C3486",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root."
}
],
"id": "CVE-1999-0711",
"lastModified": "2024-11-20T23:29:17.430",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "1999-04-29T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=92609807906778\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?t=92550157100002\u0026w=2\u0026r=1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=92609807906778\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?t=92550157100002\u0026w=2\u0026r=1"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-04 04:00
Modified
2024-11-20 23:50
Severity ?
Summary
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:application_server:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AD38E99A-864A-4E99-B6A5-12AACDA822E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE1E8A-644B-42FD-B149-89AD420BD7A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8075E330-5819-4105-9BB7-4DCC3C0EAEF9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB346764-EDF2-4BE1-A273-C2CE9A173CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E59B89D9-AAF9-40CB-931C-EB4958491B99",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C64888FB-133F-4930-8368-1BD2A4FB11A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "87DEB7BD-FB71-4C22-A0FF-89923B263DC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BAAD1A33-4333-4AFB-8D49-1274AE345BA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "852BF209-3C6F-403B-920D-50C46D37515B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "335143DB-4538-49F4-BAFB-C47802318667",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6A3E2D8-617C-4740-B662-F8884CE26BF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4FFBB096-523E-4634-ADC4-6CFB03F9577B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:collaboration_suite:release_1:*:*:*:*:*:*:*",
"matchCriteriaId": "3D1A1DC8-A38C-4061-A825-C6CC2ED453E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBD7B7B5-4C37-4EC7-8B1D-66C1E5043E11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9E237E5-9E1A-4F20-9A3D-E3418E3B1329",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F57A5AE0-90B5-410E-8878-BD514C3B7946",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EA7EAC35-E890-444A-B070-C91382F2E242",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*",
"matchCriteriaId": "69568B66-122B-4946-B630-2960DAA1885E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "EB6E1838-B4DA-4F62-8713-9E8D7E79CDF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E4A5C-8D0F-4105-8618-26586BEDE84B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D07FEA4F-B1C7-4250-81FD-AC1289769348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*",
"matchCriteriaId": "78408427-3FFB-45C4-82EF-C8D636B3A718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9:*:*:*:*:*:*:*",
"matchCriteriaId": "E3595689-13AE-4349-8684-D73D33D4A9FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "53F57A30-BE27-4F93-B8E4-B0956007F625",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_database_control:10.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F074FCED-60D9-4B07-8A6F-85A89C8CFC33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_grid_control:10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "016AFE8B-049D-4BA9-9270-E18DFDFDC61F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BF667575-AD5F-43D6-B7BF-F255C1A14A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:enterprise_10.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0C033CC3-1840-49A1-AB6E-3EC8CE1F0BEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6CEA97EC-FC86-4F53-A134-B98F25892BB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:personal_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E41C0DB6-CD92-4FDC-A705-83CFB92C062A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_9.0.4_.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC43855-2664-42CC-87DD-3C90DB1430C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle10g:standard_10.1_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "25A4D091-1D89-484E-A3F7-0F98F8814686",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D96A60B5-7B83-4E94-AF2B-AF3DF28EE1D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0C5C8D47-953E-41DF-9852-955611F6D387",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.0.6_.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4798CAE-9AAA-4623-85B2-309DB46DD28A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "121CF7A1-1710-4DA1-B7B6-028557D3FA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "616AD7A7-C8F3-4125-8E26-64109EA40730",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.5_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3C7365AA-ACDA-461A-A84C-6B4FF04F295F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42C22E50-FDB8-4314-9F36-70D0130EAA6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.6_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2C65AC14-2AA0-4475-9932-E4AEA410CBCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BA730ABB-F315-4F7F-B820-33C5558B05DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4CE4E08-4892-419D-AC51-68DD42073092",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:enterprise_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52682E-0AB7-4C3F-94D4-7B4A7E08F2C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C65C2671-2FFE-4461-A570-72E3BBC312D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.0.6_.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CA59E72F-ACC1-44F3-AE63-B42F1EB83F3D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B5CB4061-855C-4DAA-BDAD-AA1E68EFC1E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "07F81AC9-DEBD-4B04-8753-C68BAE509B13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0785C55D-183D-42D8-A9F9-DBD297FE7F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8086BBDC-76BE-47C0-8F11-CEC57A23FC27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.1:*:*:*:*:*:*:*",
"matchCriteriaId": "72BAAEF7-74CA-4C4F-8D52-AC4D5DE2E0E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle8i:standard_8.1.7_.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EECAE774-22F3-4872-9E05-A14376F3883D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DFAA7E8B-263B-40A2-B6D8-8A303A7D4358",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:client_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "085FF0CB-B426-4DCB-9411-017A45280A60",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "ED4991B9-67A9-4EE9-A30F-27950BF3A3DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2201796B-013B-4440-B366-1F2966AA86FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "43C6FFA8-18A6-4EE1-BE10-A1B7F3C1A47E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F90F6C4F-CEF5-4172-97FC-617B71EAA636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2FFA2A5C-B289-4505-85F5-7F6F0222B552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E876825-D6E5-4958-B737-4CE43A32BEC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B8E07567-754A-40C0-9428-D151880EE6F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6233345D-5100-404A-9B61-524D9679D9E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB739C3-A9BD-433F-8547-12BC615DB18D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:enterprise_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7231B057-9B7E-43CA-9E91-6DF74D6ADAE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D7A3CB-54CC-4CD9-9672-366233BF0CCF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58DB0B6B-EB97-448A-B63E-E5997382DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DA77BC6D-661F-46E9-B144-1587C1192B8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "16F9C7F3-8140-4FEF-8319-64CE51B830AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68286D06-9EBA-4FBD-AB0B-D80993895416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0C059683-E0A1-4E97-B393-CB6B0EACF7C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A5675664-7036-48D0-9524-0350F626D4CD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EA9F3EE8-DA8B-4605-B70B-CFCA25B07C1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D0DE0FB4-3C1A-460D-B48E-11D7AF415A94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:personal_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "597EE9ED-6A95-46C7-BE83-ADEC6AA65341",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_8.1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "DCAD9D1D-A7E5-4D88-B93B-C518BF1986AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E46FE2E-CA1A-4970-81FF-0BFFF2CF6849",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3EE7A2B1-A161-4A20-9EEC-B1EF7F2E387C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D65D66A0-23F7-4110-AF71-05CBFB3F92F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F207CBC6-D186-418D-8F11-3E623530E00B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2FB2708A-58D1-4F17-8504-3748D6667788",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E83B1C7A-287A-405F-B44E-85F891183D2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "34FC1E19-8F20-4215-8D90-E42EF7126BD9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CB172848-A873-4137-A335-AD034806A5EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B78BD7D2-7B48-438C-8C24-01C4007C1A32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDCC0D1-32AD-4902-8383-2AA169C3F3BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2D4D70A8-A6FE-4F82-82F1-AB1E9C28FB35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7F64908D-FDAA-499B-8060-8A6EC2443418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oracle9i:standard_9.2.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "E77BCF6E-0D09-4DAF-B147-D11FEEE7371C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user."
}
],
"id": "CVE-2004-1365",
"lastModified": "2024-11-20T23:50:42.227",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-04T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=110382471608835\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004C.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=110382471608835\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-101782-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/316206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.ngssoftware.com/advisories/oracle23122004C.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/10871"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA04-245A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18662"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}