CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2014-4222
https://notcve.org/view.php?id=CVE-2014-4222
Unspecified vulnerability in the Oracle HTTP Server component in Oracle Fusion Middleware 11.1.1.7.0 and 12.1.2.0 allows remote authenticated users to affect confidentiality via vectors related to plugin 1.1. Vulnerabilidad no especificada en el componente Oracle HTTP Server en Oracle Fusion Middleware 11.1.1.7.0 y 12.1.2.0 permite a usuarios remotos autenticados afectar a la confidencialidad a través de vectores relacionados con el plugin 1.1. • http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/59204 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68652 http://www.securitytracker.com/id/1030594 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94561 •
CVSS: 4.3EPSS: 2%CPEs: 3EXPL: 0CVE-2014-0191 – libxml2: external parameter entity loaded when entity substitution is disabled
https://notcve.org/view.php?id=CVE-2014-0191
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document. La función xmlParserHandlePEReference en parser.c en libxml2 en versiones anteriores a 2.9.2, como se utiliza en Web Listener en Oracle HTTP Server en Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0 y 12.1.3.0 y otros productos, carga entidades de parámetro externas independientemente de si la sustitución de entidad o la validación están habilitadas, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de un documento XML manipulado. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html http://rhn.redhat.com/errata/RHSA-2015-0749.html http://www-01.ibm.com/support/docview.wss?uid=swg21678183 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securityfocus.com/ • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2014-2470
https://notcve.org/view.php?id=CVE-2014-2470
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Security. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, y 12.1.2.0 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con WLS Security. • http://secunia.com/advisories/59847 http://www.ibm.com/support/docview.wss?uid=swg21680702 http://www.ibm.com/support/docview.wss?uid=swg24038065 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVSS: 4.0EPSS: 0%CPEs: 7EXPL: 0CVE-2014-2404
https://notcve.org/view.php?id=CVE-2014-2404
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to WebGate. Vulnerabilidad no especificada en el componente Oracle Access Manager en Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, y 11.1.2.2.0 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos relacionados con WebGate. • http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/bid/66862 •
CVSS: 3.5EPSS: 0%CPEs: 2EXPL: 0CVE-2014-0383
https://notcve.org/view.php?id=CVE-2014-0383
Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0 and 11.1.2.1 allows remote authenticated users to affect confidentiality via unknown vectors related to Identity Console. Vulnerabilidad no especificada en el componente Oracle Identity Manager en Oracle Fusion Middleware 11.1.2.0 y 11.1.2.1 que permite a usuarios remotos autenticados afectar a la confidencialidad a través de vectores desconocidos relacionados con la consola de Identidad. • http://osvdb.org/102102 http://secunia.com/advisories/56459 http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html http://www.securityfocus.com/bid/64758 http://www.securityfocus.com/bid/64842 http://www.securitytracker.com/id/1029613 •