search menu icon-carat-right cmu-wordmark

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2002-02-28 2002-02-06 2002-03-15 VU#878603 Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Authorization header
2002-03-12 2002-01-10 2002-03-15 VU#313280 Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Location header
2002-02-28 2002-02-06 2002-03-15 VU#659043 Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via Database Access Descriptor password
2002-01-03 2001-12-13 2002-03-15 VU#500203 Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via help page request
2002-01-09 2001-12-13 2002-03-15 VU#758483 Oracle9i Application Server Apache PL/SQL module does not properly decode URL
2002-02-28 2002-02-06 2002-03-15 VU#923395 Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via cache directory name
2002-03-01 2002-01-10 2002-03-15 VU#193523 Oracle9i Application Server allows unauthenticated access to PL/SQL applications via alternate Database Access Descriptor
2002-02-27 2002-02-06 2002-03-12 VU#547459 Oracle 9iAS creates temporary files when processing JSP requests that are world-readable
2002-03-12 2002-01-10 2002-03-12 VU#736923 Oracle 9iAS SOAP components allow anonymous users to deploy applications by default
2002-02-27 2002-01-10 2002-03-12 VU#717827 Multiple Oracle 9iAS sample pages contain vulnerabilities
2002-03-06 2002-02-06 2002-03-06 VU#977251 Oracle 9iAS XSQL Servlet ignores file permissions allowing arbitrary users to view sensitive configuration files
2002-03-04 2002-02-21 2002-03-06 VU#613459 Squid Proxy Server contains buffer overflow in parsing of the authentication portion of FTP URLs
2002-03-06 2001-09-17 2002-03-06 VU#278971 Oracle 9i Application Server does not adequately handle requests for nonexistent JSP files thereby disclosing web folder path information
2002-03-06 2002-02-06 2002-03-06 VU#798611 Oracle 9iAS contains cross-site scripting vulnerability in "htp.print"
2002-03-06 2002-02-06 2002-03-06 VU#476619 Oracle 9iAS default configuration allows arbitrary users to view sensitive configuration files

Sponsored by CISA.