CVE-2014-2479
https://notcve.org/view.php?id=CVE-2014-2479
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS - Web Services. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, y 12.1.2.0 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos relacionados con WLS - Web Services. • http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2014-0012.html •
CVE-2014-2481
https://notcve.org/view.php?id=CVE-2014-2481
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2014-2480. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, y 12.1.2.0 permite a atacantes remotos afectar la confidencialidad, integridad y disponibilidad a través de vectores desconocidos, una vulnerabilidad diferente a CVE-2014-2480. • http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.vmware.com/security/advisories/VMSA-2014-0012.html •
CVE-2014-0191 – libxml2: external parameter entity loaded when entity substitution is disabled
https://notcve.org/view.php?id=CVE-2014-0191
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document. La función xmlParserHandlePEReference en parser.c en libxml2 en versiones anteriores a 2.9.2, como se utiliza en Web Listener en Oracle HTTP Server en Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0 y 12.1.3.0 y otros productos, carga entidades de parámetro externas independientemente de si la sustitución de entidad o la validación están habilitadas, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de un documento XML manipulado. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html http://rhn.redhat.com/errata/RHSA-2015-0749.html http://www-01.ibm.com/support/docview.wss?uid=swg21678183 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securityfocus.com/ • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2014-2470
https://notcve.org/view.php?id=CVE-2014-2470
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Security. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, y 12.1.2.0 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con WLS Security. • http://secunia.com/advisories/59847 http://www.ibm.com/support/docview.wss?uid=swg21680702 http://www.ibm.com/support/docview.wss?uid=swg24038065 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVE-2014-2404
https://notcve.org/view.php?id=CVE-2014-2404
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, and 11.1.2.2.0 allows remote authenticated users to affect confidentiality via unknown vectors related to WebGate. Vulnerabilidad no especificada en el componente Oracle Access Manager en Oracle Fusion Middleware 10.1.4.3, 11.1.1.3.0, 11.1.1.5.0, 11.1.1.7.0, 11.1.2.0.0, 11.1.2.1.0, y 11.1.2.2.0 permite a usuarios remotos autenticados afectar la confidencialidad a través de vectores desconocidos relacionados con WebGate. • http://packetstormsecurity.com/files/127047/Oracle-Access-Manager-Information-Disclosure.html http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html http://www.securityfocus.com/bid/66862 •