Shodan
Vulnerabilities
Vulnerable Software
Oracle:  >> Application Server  Security Vulnerabilities
CVE-2002-0842
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror().
CVSS Score
7.5
EPSS Score
0.384
Published
2003-03-03
CVE-2002-1630
The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) allows remote attackers to send arbitrary emails.
CVSS Score
7.5
EPSS Score
0.047
Published
2002-12-31
CVE-2002-1631
SQL injection vulnerability in the query.xsql sample page in Oracle 9i Application Server (9iAS) allows remote attackers to execute arbitrary code via the sql parameter.
CVSS Score
7.5
EPSS Score
0.059
Published
2002-12-31
CVE-2002-1632
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2.
CVSS Score
6.4
EPSS Score
0.014
Published
2002-12-31
CVE-2002-1635
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin.
CVSS Score
5.0
EPSS Score
0.01
Published
2002-12-31
CVE-2002-1636
Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for Oracle 9i Application Server (9iAS) allows remote attackers to inject arbitrary web script or HTML via the cbuf parameter to htp.print.
CVSS Score
4.3
EPSS Score
0.003
Published
2002-12-31
CVE-2002-1858
Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF.").
CVSS Score
5.0
EPSS Score
0.004
Published
2002-12-31
CVE-2002-2153
Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code.
CVSS Score
7.5
EPSS Score
0.025
Published
2002-12-31
CVE-2002-2345
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access.
CVSS Score
7.5
EPSS Score
0.005
Published
2002-12-31
CVE-2002-2347
Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field.
CVSS Score
4.3
EPSS Score
0.003
Published
2002-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved