Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP.
Max CVSS
5.0
EPSS Score
0.25%
Published
2001-03-12
Updated
2008-09-05
Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows remote attackers to cause a denial of service via a long HTTP GET request.
Max CVSS
5.0
EPSS Score
0.22%
Published
1997-07-23
Updated
2016-10-18
Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.
Max CVSS
5.0
EPSS Score
0.24%
Published
2000-07-05
Updated
2008-09-10
The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files.
Max CVSS
5.0
EPSS Score
0.62%
Published
2000-12-31
Updated
2008-09-05
Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension.
Max CVSS
5.0
EPSS Score
0.22%
Published
2001-07-21
Updated
2008-09-10
Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port.
Max CVSS
5.0
EPSS Score
2.76%
Published
2001-07-21
Updated
2017-10-10
Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value.
Max CVSS
5.0
EPSS Score
0.27%
Published
2001-07-21
Updated
2008-09-10
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected offset to the data.
Max CVSS
5.0
EPSS Score
0.27%
Published
2001-07-21
Updated
2008-09-10
Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0.
Max CVSS
5.0
EPSS Score
2.06%
Published
2001-07-21
Updated
2017-10-10
Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang.
Max CVSS
5.0
EPSS Score
0.54%
Published
2001-07-21
Updated
2017-10-10
Directory traversal vulnerability in PL/SQL Apache module in Oracle Oracle 9i Application Server allows remote attackers to access sensitive information via a double encoded URL with .. (dot dot) sequences.
Max CVSS
5.0
EPSS Score
41.34%
Published
2001-12-21
Updated
2008-09-05
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.
Max CVSS
5.0
EPSS Score
10.95%
Published
2002-02-06
Updated
2017-10-10
Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial of service via (1) a request to TCP ports 1100, 4000, 4001, and 4002 with a large number of null characters, and (2) a request to TCP port 4000 with a large number of "." characters.
Max CVSS
5.0
EPSS Score
2.06%
Published
2002-03-25
Updated
2017-12-19
The administration module for Oracle Web Cache in Oracle9iAS (9i Application Suite) 9.0.2 allows remote attackers to cause a denial of service (crash) via (1) an HTTP GET request containing a ".." (dot dot) sequence, or (2) a malformed HTTP GET request with a chunked Transfer-Encoding with missing data.
Max CVSS
5.0
EPSS Score
90.22%
Published
2002-11-04
Updated
2008-09-10
Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.
Max CVSS
5.0
EPSS Score
2.61%
Published
2002-08-12
Updated
2008-09-05
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to obtain sensitive information via the OWA_UTIL stored procedures (1) OWA_UTIL.signature, (2) OWA_UTIL.listprint, or (3) OWA_UTIL.show_query_columns.
Max CVSS
5.0
EPSS Score
84.96%
Published
2002-07-03
Updated
2016-10-18
The default configuration of Oracle 9i Application Server 1.0.2.x running Oracle JSP or SQLJSP stores globals.jsa under the web root, which allows remote attackers to gain sensitive information including usernames and passwords via a direct HTTP request to globals.jsa.
Max CVSS
5.0
EPSS Score
78.13%
Published
2002-07-03
Updated
2016-10-18
The default configuration of Oracle 9i Application Server 1.0.2.x allows remote anonymous users to access sensitive services without authentication, including Dynamic Monitoring Services (1) dms0, (2) dms/DMSDump, (3) servlet/DMSDump, (4) servlet/Spy, (5) soap/servlet/Spy, and (6) dms/AggreSpy; and Oracle Java Process Manager (7) oprocmgr-status and (8) oprocmgr-service, which can be used to control Java processes.
Max CVSS
5.0
EPSS Score
94.12%
Published
2002-07-03
Updated
2017-07-11
Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with world-readable permissions under the web root, which allows remote attackers to obtain sensitive information derived from the JSP code, including usernames and passwords, via a direct HTTP request to _pages.
Max CVSS
5.0
EPSS Score
1.52%
Published
2002-07-03
Updated
2017-12-19
PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows remote attackers to cause a denial of service (crash) via an HTTP Authorization header without an authentication type.
Max CVSS
5.0
EPSS Score
1.39%
Published
2002-07-03
Updated
2018-05-03
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
Max CVSS
5.0
EPSS Score
6.61%
Published
2002-08-12
Updated
2008-09-10
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.
Max CVSS
5.0
EPSS Score
0.52%
Published
2002-09-05
Updated
2008-09-10
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.
Max CVSS
5.0
EPSS Score
1.54%
Published
2002-10-04
Updated
2008-09-05
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
Max CVSS
5.0
EPSS Score
10.70%
Published
2002-10-28
Updated
2008-09-11
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.
Max CVSS
5.0
EPSS Score
4.04%
Published
2002-12-23
Updated
2019-10-07
1697 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!