CVE-2001-1372
https://notcve.org/view.php?id=CVE-2001-1372
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. • http://marc.info/?l=bugtraq&m=100074087824021&w=2 http://marc.info/?l=bugtraq&m=100119633925473&w=2 http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/278971 http://www.nii.co.in/research.html http://www.securityfocus.com/bid/3341 https://exchange.xforce.ibmcloud.com/vulnerabilities/7135 •
CVE-2001-1371
https://notcve.org/view.php?id=CVE-2001-1371
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. • http://marc.info/?l=bugtraq&m=101301813117562&w=2 http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.iss.net/security_center/static/8449.php http://www.kb.cert.org/vuls/id/736923 http://www.nextgenss.com/papers/hpoas.pdf http://www.securityfocus.com/bid/4289 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2001-1217
https://notcve.org/view.php?id=CVE-2001-1217
Directory traversal vulnerability in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to access sensitive information via a double-encoded URL with .. (dot dot) sequences. • http://otn.oracle.com/deploy/security/pdf/modplsql.pdf http://www.iss.net/security_center/static/7728.php http://www.kb.cert.org/vuls/id/758483 http://www.securityfocus.com/archive/1/246663 http://www.securityfocus.com/bid/3727 •
CVE-2001-1216
https://notcve.org/view.php?id=CVE-2001-1216
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. • http://otn.oracle.com/deploy/security/pdf/modplsql.pdf http://www.iss.net/security_center/static/7727.php http://www.kb.cert.org/vuls/id/500203 http://www.securityfocus.com/archive/1/246663 http://www.securityfocus.com/bid/3726 •
CVE-2001-0591
https://notcve.org/view.php?id=CVE-2001-0591
Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. • http://archives.neohapsis.com/archives/bugtraq/2001-02/0239.html http://www.securityfocus.com/bid/2286 https://exchange.xforce.ibmcloud.com/vulnerabilities/5986 •