CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0CVE-2002-1858
https://notcve.org/view.php?id=CVE-2002-1858
Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1, when running on Windows, allows remote attackers to retrieve files in the WEB-INF directory, which contains Java class files and configuration information, via a request to the WEB-INF directory with a trailing dot ("WEB-INF."). • http://online.securityfocus.com/archive/1/279582 http://otn.oracle.com/deploy/security/pdf/2002alert47rev1.pdf http://www.iss.net/security_center/static/9446.php http://www.securityfocus.com/bid/5119 http://www.westpoint.ltd.uk/advisories/wp-02-0002.txt •
CVSS: 6.8EPSS: 97%CPEs: 47EXPL: 1CVE-2002-0840 – Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la página de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el parámetro UseCanonicalName está desactivado, y está presente el soporte para comodines DNS, permite a atacantes ejecutar comandos como otro visitante de la página mediante la cabecera Host: • https://www.exploit-db.com/exploits/21885 ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103357160425708&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2002-0843
https://notcve.org/view.php?id=CVE-2002-0843
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. Desbordamientos de búfer en el programa de soporte ApacheBench (ab.c) en Apache anteriores a 1.3.27, y Apache 2.x anteriores a 2.0.43, permite a un servidor web malicioso causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una respuesta larga. • ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http://online.securityfocus.com/advisories/ •
CVSS: 7.5EPSS: 3%CPEs: 9EXPL: 0CVE-2002-0559
https://notcve.org/view.php?id=CVE-2002-0559
Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allow remote attackers to cause a denial of service or execute arbitrary code via (1) a long help page request without a dadname, which overflows the resulting HTTP Location header, (2) a long HTTP request to the plsql module, (3) a long password in the HTTP Authorization, (4) a long Access Descriptor (DAD) password in the addadd form, or (5) a long cache directory name. • http://online.securityfocus.com/archive/1/254426 http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/313280 http://www.kb.cert.org/vuls/id/659043 http://www.kb.cert.org/vuls/id/750299 http://www.kb.cert.org/vuls/id/878603 http://www.kb.cert.org/vuls/id/923395 http://www.nextgenss.com/papers/hpoas.pdf http://www.securityfocus.com/bid/4032 https:// •
CVSS: 5.0EPSS: 1%CPEs: 9EXPL: 0CVE-2002-0566
https://notcve.org/view.php?id=CVE-2002-0566
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type. • http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/805915 http://www.securityfocus.com/bid/4037 https://exchange.xforce.ibmcloud.com/vulnerabilities/8099 •