CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 1CVE-2002-0842
https://notcve.org/view.php?id=CVE-2002-0842
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror(). Vulnerabilidad de cadena de formato en ciertas modificaciones de terceros a mod_dav para el registro de mesajes de pasarela erroneos (por ejemplo Oracle 9i Application Server 9.0.2) permite a atacantes remotos ejecutar código arbitrario mediante una URI de destino que fuerza una respuesta "502 Bad Gateway", lo que causa que los especificadores de cadena de formato sean devueltos de dav_lookup_uri() en mod_dav.c, que es entonces usado para llamar a ap_log_error(). • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html http://marc.info/?l=bugtraq&m=104549708626309&w=2 http://marc.info/?l=bugtraq&m=104559446010858&w=2 http://marc.info/?l=bugtraq&m=104560577227981&w=2 http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf http://www.cert.org/advisories/CA-2003-05.html http://www.ciac.org/ciac/bulletins/n-046.shtml http://www.iss.net/security_center/static/11330.php http://www.kb.cert.org/vuls/id/8499 •
CVSS: 5.0EPSS: 1%CPEs: 1EXPL: 0CVE-2002-1635
https://notcve.org/view.php?id=CVE-2002-1635
The Apache configuration file (httpd.conf) in Oracle 9i Application Server (9iAS) uses a Location alias for /perl directory instead of a ScriptAlias, which allows remote attackers to read the source code of arbitrary CGI files via a URL containing the /perl directory instead of /cgi-bin. • http://www.kb.cert.org/vuls/id/936507 http://www.nextgenss.com/papers/hpoas.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/10716 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2002-2153
https://notcve.org/view.php?id=CVE-2002-2153
Format string vulnerability in the administrative pages of the PL/SQL module for Oracle Application Server 4.0.8 and 4.0.8 2 allows remote attackers to execute arbitrary code. • http://otn.oracle.com/deploy/security/pdf/ias_modplsql_alert.pdf http://www.kb.cert.org/vuls/id/467555 http://www.nextgenss.com/vna/ora-ias.txt http://www.securityfocus.com/bid/4844 https://exchange.xforce.ibmcloud.com/vulnerabilities/10183 •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 0CVE-2002-2345
https://notcve.org/view.php?id=CVE-2002-2345
Oracle 9i Application Server 9.0.2 stores the web cache administrator interface password in plaintext, which allows remote attackers to gain access. • http://otn.oracle.com/deploy/security/pdf/2002alert39rev1.pdf http://www.iss.net/security_center/static/9841.php http://www.securityfocus.com/bid/7395 • CWE-255: Credentials Management Errors •
CVSS: 6.4EPSS: 0%CPEs: 5EXPL: 0CVE-2002-1632
https://notcve.org/view.php?id=CVE-2002-1632
Oracle 9i Application Server (9iAS) installs multiple sample pages that allow remote attackers to obtain environment variables and other sensitive information via (1) info.jsp, (2) printenv, (3) echo, or (4) echo2. • http://www.kb.cert.org/vuls/id/717827 http://www.kb.cert.org/vuls/id/SVIM-576QLZ http://www.nextgenss.com/papers/hpoas.pdf http://www.oracle.com/technology/deploy/security/pdf/ias_modplsql_alert.pdf http://www.securityfocus.com/bid/6556 https://exchange.xforce.ibmcloud.com/vulnerabilities/8665 •