CVSS: 5.0EPSS: 96%CPEs: 2EXPL: 1CVE-2014-4210
https://notcve.org/view.php?id=CVE-2014-4210
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0 and 10.3.6.0 allows remote attackers to affect confidentiality via vectors related to WLS - Web Services. Vulnerabilidad no especificad en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0 y 10.3.6.0 permite a atacantes remotos afectar la confidencialidad a través de vectores desconocidos relacionados con WLS - Web Services. • https://github.com/unmanarc/CVE-2014-4210-SSRF-PORTSCANNER-POC http://seclists.org/fulldisclosure/2014/Dec/23 http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html http://www.securityfocus.com/archive/1/534161/100/0/threaded http://www.securityfocus.com/bid/68629 http://www.vmware.com/security/advisories/VMSA-2014-0012.html https://exchange.xforce.ibmcloud.com/vulnerabilities/94554 •
CVSS: 4.3EPSS: 2%CPEs: 3EXPL: 0CVE-2014-0191 – libxml2: external parameter entity loaded when entity substitution is disabled
https://notcve.org/view.php?id=CVE-2014-0191
The xmlParserHandlePEReference function in parser.c in libxml2 before 2.9.2, as used in Web Listener in Oracle HTTP Server in Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0, and 12.1.3.0 and other products, loads external parameter entities regardless of whether entity substitution or validation is enabled, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XML document. La función xmlParserHandlePEReference en parser.c en libxml2 en versiones anteriores a 2.9.2, como se utiliza en Web Listener en Oracle HTTP Server en Oracle Fusion Middleware 11.1.1.7.0, 12.1.2.0 y 12.1.3.0 y otros productos, carga entidades de parámetro externas independientemente de si la sustitución de entidad o la validación están habilitadas, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) a través de un documento XML manipulado. It was discovered that libxml2 loaded external parameter entities even when entity substitution was disabled. A remote attacker able to provide a specially crafted XML file to an application linked against libxml2 could use this flaw to conduct XML External Entity (XXE) attacks, possibly resulting in a denial of service or an information leak on the system. • http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.apple.com/archives/security-announce/2015/Aug/msg00002.html http://lists.opensuse.org/opensuse-updates/2015-12/msg00120.html http://rhn.redhat.com/errata/RHSA-2015-0749.html http://www-01.ibm.com/support/docview.wss?uid=swg21678183 http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securityfocus.com/ • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2426
https://notcve.org/view.php?id=CVE-2014-2426
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect integrity and availability via unknown vectors related to Admin Console. Vulnerabilidad no especificada en el componente Oracle OpenSSO en Oracle Fusion Middleware 8.0 Update 2 Patch 5 permite a usuarios remotos autenticados afectar a la integridad y la disponibilidad de la información a través de vectores desconocidos relacionados con la consola de administración. • http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2014-2470
https://notcve.org/view.php?id=CVE-2014-2470
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, and 12.1.2.0 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to WLS Security. Vulnerabilidad no especificada en el componente Oracle WebLogic Server en Oracle Fusion Middleware 10.0.2.0, 10.3.6.0, 12.1.1.0, y 12.1.2.0 permite a atacantes remotos afectar a la confidencialidad, integridad y disponibilidad a través de vectores relacionados con WLS Security. • http://secunia.com/advisories/59847 http://www.ibm.com/support/docview.wss?uid=swg21680702 http://www.ibm.com/support/docview.wss?uid=swg24038065 http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •
CVSS: 4.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-2425
https://notcve.org/view.php?id=CVE-2014-2425
Unspecified vulnerability in the Oracle OpenSSO component in Oracle Fusion Middleware 8.0 Update 2 Patch 5 allows remote authenticated users to affect confidentiality via unknown vectors. Vulnerabilidad no especificada en el componente Oracle OpenSSO en Oracle Fusion Middleware 8.0 Update 2 Patch 5 permite a usuarios remotos autenticados afectar a la confidencialidad de los datos a través de vectores desconocidos. • http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html •