CVSS: 5.0EPSS: 2%CPEs: 4EXPL: 0CVE-2002-0102
https://notcve.org/view.php?id=CVE-2002-0102
Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters. Oracle9i Web Cache 2.0.0.x permite a atacantes remotos causar una negación de servicio vía: (1) una petición a puertos TCP 1100, 4000, 4001, y 4002 con un número grande de carácteres nulos, (y 2) una petición al puerto 4000 TCP con un número grande de Carácteres "." . • http://otn.oracle.com/deploy/security/pdf/webcache2.pdf http://www.securityfocus.com/bid/3760 http://www.securityfocus.com/bid/3762 https://exchange.xforce.ibmcloud.com/vulnerabilities/7765 •
CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0CVE-2002-1637
https://notcve.org/view.php?id=CVE-2002-1637
Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges. • http://www.kb.cert.org/vuls/id/712723 http://www.nextgenss.com/papers/hpoas.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/968 https://exchange.xforce.ibmcloud.com/vulnerabilities/969 https://exchange.xforce.ibmcloud.com/vulnerabilities/970 https://exchange.xforce.ibmcloud.com/vulnerabilities/971 https://exchange.xforce.ibmcloud.com/vulnerabilities/972 •
CVSS: 5.0EPSS: 8%CPEs: 1EXPL: 1CVE-2001-1372
https://notcve.org/view.php?id=CVE-2001-1372
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message. • http://marc.info/?l=bugtraq&m=100074087824021&w=2 http://marc.info/?l=bugtraq&m=100119633925473&w=2 http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.kb.cert.org/vuls/id/278971 http://www.nii.co.in/research.html http://www.securityfocus.com/bid/3341 https://exchange.xforce.ibmcloud.com/vulnerabilities/7135 •
CVSS: 7.5EPSS: 90%CPEs: 1EXPL: 1CVE-2001-1371
https://notcve.org/view.php?id=CVE-2001-1371
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager. • http://marc.info/?l=bugtraq&m=101301813117562&w=2 http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf http://www.cert.org/advisories/CA-2002-08.html http://www.iss.net/security_center/static/8449.php http://www.kb.cert.org/vuls/id/736923 http://www.nextgenss.com/papers/hpoas.pdf http://www.securityfocus.com/bid/4289 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 41%CPEs: 1EXPL: 0CVE-2001-1217
https://notcve.org/view.php?id=CVE-2001-1217
Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences. Vulneravilidad de atravesamientod de directorios en el módulo de Apache PL/SQL en Oracle 9i Application Server permite a atacantes remotos obtener información sensible mediante una URL dóblemente codificada con secuencias .. (punto punto). • http://otn.oracle.com/deploy/security/pdf/modplsql.pdf http://www.iss.net/security_center/static/7728.php http://www.kb.cert.org/vuls/id/758483 http://www.securityfocus.com/archive/1/246663 http://www.securityfocus.com/bid/3727 •