CVSS: 4.3EPSS: 1%CPEs: 4EXPL: 0CVE-2002-2347
https://notcve.org/view.php?id=CVE-2002-2347
Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the text entry field. • http://otn.oracle.com/deploy/security/pdf/2002alert41rev1.pdf http://www.iss.net/security_center/static/9842.php http://www.securityfocus.com/bid/5452 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 90%CPEs: 1EXPL: 2CVE-2002-0386 – Oracle 9i Application Server 9.0.2 Web Cache Administration Tool - Denial of Service
https://notcve.org/view.php?id=CVE-2002-0386
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data. El módulo de administración de Oracle Web Cache en Oracle9iAS (9i Application Suite) 9.0.2 permite a atacantes remotos causar una denegación de servicio (caída) mediante una petición HTTP GET conteniendo una secuencia ".." (punto punto), o una petición HTTP GET con un Transfer-Encoding troceado al que le faltan datos. • https://www.exploit-db.com/exploits/21911 http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdf http://www.atstake.com/research/advisories/2002/a102802-1.txt http://www.iss.net/security_center/static/10284.php http://www.securityfocus.com/bid/5902 •
CVSS: 6.8EPSS: 97%CPEs: 47EXPL: 1CVE-2002-0840 – Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la página de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el parámetro UseCanonicalName está desactivado, y está presente el soporte para comodines DNS, permite a atacantes ejecutar comandos como otro visitante de la página mediante la cabecera Host: • https://www.exploit-db.com/exploits/21885 ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103357160425708&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2002-0843
https://notcve.org/view.php?id=CVE-2002-0843
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. Desbordamientos de búfer en el programa de soporte ApacheBench (ab.c) en Apache anteriores a 1.3.27, y Apache 2.x anteriores a 2.0.43, permite a un servidor web malicioso causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una respuesta larga. • ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http://online.securityfocus.com/advisories/ •
CVSS: 7.5EPSS: 7%CPEs: 2EXPL: 0CVE-2002-0947
https://notcve.org/view.php?id=CVE-2002-0947
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter. • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html http://online.securityfocus.com/archive/1/276524 http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf http://www.iss.net/security_center/static/9289.php http://www.kb.cert.org/vuls/id/997403 http://www.nextgenss.com/vna/ora-reports.txt http://www.securityfocus.com/bid/4848 •