CVSS: 7.5EPSS: 90%CPEs: 1EXPL: 1CVE-2001-1371
https://notcve.org/view.php?id=CVE-2001-1371
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. • http://marc.info/?l=bugtraq&m=101301813117562&w=2 http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.iss.net/security_center/static/8449.php http://www.kb.cert.org/vuls/id/736923 http://www.nextgenss.com/papers/hpoas.pdf http://www.securityfocus.com/bid/4289 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 41%CPEs: 1EXPL: 0CVE-2001-1217
https://notcve.org/view.php?id=CVE-2001-1217
Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences. Vulneravilidad de atravesamientod de directorios en el módulo de Apache PL/SQL en Oracle 9i Application Server permite a atacantes remotos obtener información sensible mediante una URL dóblemente codificada con secuencias .. (punto punto). • http://otn.oracle.com/deploy/security/pdf/modplsql.pdf http://www.iss.net/security_center/static/7728.php http://www.kb.cert.org/vuls/id/758483 http://www.securityfocus.com/archive/1/246663 http://www.securityfocus.com/bid/3727 •
CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 0CVE-2001-1216
https://notcve.org/view.php?id=CVE-2001-1216
Buffer overflow in PL/SQL Apache module in Oracle 9i Application Server allows remote attackers to execute arbitrary code via a long request for a help page. Desbordamiento de buffer en el módulo de Apache PL/SQL en en Oracle 9i Application Server permite a atacantes remotos ejecutar código arbitrario mediante una petición larga a una página de ayuda. • http://otn.oracle.com/deploy/security/pdf/modplsql.pdf http://www.iss.net/security_center/static/7727.php http://www.kb.cert.org/vuls/id/500203 http://www.securityfocus.com/archive/1/246663 http://www.securityfocus.com/bid/3726 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2001-0591
https://notcve.org/view.php?id=CVE-2001-0591
Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. • http://archives.neohapsis.com/archives/bugtraq/2001-02/0239.html http://www.securityfocus.com/bid/2286 https://exchange.xforce.ibmcloud.com/vulnerabilities/5986 •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2000-1236
https://notcve.org/view.php?id=CVE-2000-1236
SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL. • http://archives.neohapsis.com/archives/bugtraq/2000-12/0339.html http://archives.neohapsis.com/archives/bugtraq/2000-12/0372.html http://archives.neohapsis.com/archives/bugtraq/2000-12/0463.html http://online.securityfocus.com/archive/1/155881 http://www.iss.net/security_center/static/5817.php http://www.securityfocus.com/bid/2150 •