CVSS: 5.0EPSS: 90%CPEs: 1EXPL: 2CVE-2002-0386 – Oracle 9i Application Server 9.0.2 Web Cache Administration Tool - Denial of Service
https://notcve.org/view.php?id=CVE-2002-0386
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data. El módulo de administración de Oracle Web Cache en Oracle9iAS (9i Application Suite) 9.0.2 permite a atacantes remotos causar una denegación de servicio (caída) mediante una petición HTTP GET conteniendo una secuencia ".." (punto punto), o una petición HTTP GET con un Transfer-Encoding troceado al que le faltan datos. • https://www.exploit-db.com/exploits/21911 http://otn.oracle.com/deploy/security/pdf/2002alert43rev1.pdf http://www.atstake.com/research/advisories/2002/a102802-1.txt http://www.iss.net/security_center/static/10284.php http://www.securityfocus.com/bid/5902 •
CVSS: 6.8EPSS: 97%CPEs: 47EXPL: 1CVE-2002-0840 – Apache 1.3/2.0.x - Server Side Include Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2002-0840
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157. Vulnerabilidad de comandos en sitios cruzados (cross-site scripting, XSS) en la página de error por defecto en Apache 2.0 antes de 2.0.43, y en 1.3.x hasta 1.3.26, cuando el parámetro UseCanonicalName está desactivado, y está presente el soporte para comodines DNS, permite a atacantes ejecutar comandos como otro visitante de la página mediante la cabecera Host: • https://www.exploit-db.com/exploits/21885 ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103357160425708&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http •
CVSS: 7.5EPSS: 0%CPEs: 30EXPL: 0CVE-2002-0843
https://notcve.org/view.php?id=CVE-2002-0843
Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response. Desbordamientos de búfer en el programa de soporte ApacheBench (ab.c) en Apache anteriores a 1.3.27, y Apache 2.x anteriores a 2.0.43, permite a un servidor web malicioso causar una denegación de servicio y posiblemente ejecutar código arbitrario mediante una respuesta larga. • ftp://patches.sgi.com/support/free/security/advisories/20021105-01-I http://archives.neohapsis.com/archives/bugtraq/2002-10/0229.html http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530 http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000530 http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2 http://marc.info/?l=bugtraq&m=103376585508776&w=2 http://online.securityfocus.com/advisories/ •
CVSS: 7.5EPSS: 7%CPEs: 2EXPL: 0CVE-2002-0947
https://notcve.org/view.php?id=CVE-2002-0947
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter. • http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html http://online.securityfocus.com/archive/1/276524 http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf http://www.iss.net/security_center/static/9289.php http://www.kb.cert.org/vuls/id/997403 http://www.nextgenss.com/vna/ora-reports.txt http://www.securityfocus.com/bid/4848 •
CVSS: 5.0EPSS: 1%CPEs: 3EXPL: 1CVE-2002-1089 – Oracle Reports Server 6.0.8/9.0.2 - Information Disclosure
https://notcve.org/view.php?id=CVE-2002-1089
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks. • https://www.exploit-db.com/exploits/21627 http://archives.neohapsis.com/archives/bugtraq/2002-07/0203.html http://www.iss.net/security_center/static/9628.php http://www.securityfocus.com/bid/5262 •