Summary
| Detail | |||
|---|---|---|---|
| Vendor | Oracle | First view | 2014-04-01 |
| Product | Retail Applications | Last view | 2016-01-20 |
| Version | 13.4 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:oracle:retail_applications | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 1.9 | 2016-01-20 | CVE-2016-0438 | Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0436, and CVE-2016-0437. |
| 1.9 | 2016-01-20 | CVE-2016-0437 | Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0436, and CVE-2016-0438. |
| 1.9 | 2016-01-20 | CVE-2016-0436 | Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0434, CVE-2016-0437, and CVE-2016-0438. |
| 3.3 | 2016-01-20 | CVE-2016-0435 | Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality and integrity via vectors related to Mobile POS. |
| 1.9 | 2016-01-20 | CVE-2016-0434 | Unspecified vulnerability in the Oracle Retail Point-of-Service component in Oracle Retail Applications 13.4, 14.0, and 14.1 allows local users to affect confidentiality via vectors related to Mobile POS, a different vulnerability than CVE-2016-0436, CVE-2016-0437, and CVE-2016-0438. |
| 4.3 | 2015-04-16 | CVE-2015-0494 | Unspecified vulnerability in the Oracle Retail Central Office component in Oracle Retail Applications 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote attackers to affect integrity via unknown vectors. |
| 4.3 | 2015-04-16 | CVE-2015-0466 | Unspecified vulnerability in the Oracle Retail Back Office component in Oracle Retail Applications 12.0, 12.0IN, 13.0, 13.1, 13.2, 13.3, 13.4, 14.0, and 14.1 allows remote attackers to affect integrity via unknown vectors. |
| 7.5 | 2014-04-01 | CVE-2014-0050 | MultipartStream.java in Apache Commons FileUpload before 1.3.1, as used in Apache Tomcat, JBoss Web, and other products, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted Content-Type header that bypasses a loop's intended exit conditions. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (1) | CWE-264 | Permissions, Privileges, and Access Controls |
ExploitDB Exploits
| id | Description |
|---|---|
| 31615 | Apache Commons FileUpload and Apache Tomcat Denial-of-Service |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2014-B-0090 | Multiple Vulnerabilities in VMware vCenter Operations Severity: Category I - VMSKEY: V0052895 |
| 2014-B-0065 | Multiple Vulnerabilities in IBM WebSphere Application Server Severity: Category I - VMSKEY: V0051617 |
| 2014-B-0019 | Multiple Vulnerabilities in Apache Tomcat Severity: Category I - VMSKEY: V0044527 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-03-22 | Apache Tomcat infinite loop denial of service attempt RuleID : 29896 - Type : SERVER-APACHE - Revision : 2 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2015-05-14 | Name: The website content management system installed on the remote host is affecte... File: oracle_webcenter_sites_apr_2015_cpu.nasl - Type: ACT_GATHER_INFO |
| 2015-05-08 | Name: A web application running on the remote host is affected by multiple vulnerab... File: mysql_enterprise_monitor_3_0_11.nasl - Type: ACT_GATHER_INFO |
| 2015-05-08 | Name: A web application running on the remote host is affected by multiple vulnerab... File: mysql_enterprise_monitor_2_3_17.nasl - Type: ACT_GATHER_INFO |
| 2015-03-30 | Name: The remote Mandriva Linux host is missing one or more security updates. File: mandriva_MDVSA-2015-084.nasl - Type: ACT_GATHER_INFO |
| 2015-01-30 | Name: The remote web server contains a web application that uses a Java framework t... File: struts_2_3_16_1_win_local.nasl - Type: ACT_GATHER_INFO |
| 2014-12-15 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201412-29.nasl - Type: ACT_GATHER_INFO |
| 2014-10-24 | Name: The remote host has a virtualization application installed that is affected b... File: vmware_orchestrator_vmsa_2014_0007.nasl - Type: ACT_GATHER_INFO |
| 2014-10-24 | Name: The remote host has a virtualization appliance installed that is affected by ... File: vmware_orchestrator_appliance_vmsa_2014_0007.nasl - Type: ACT_GATHER_INFO |
| 2014-10-21 | Name: The remote host is affected by multiple vulnerabilities. File: oracle_eids_cpu_oct_2014.nasl - Type: ACT_GATHER_INFO |
| 2014-10-17 | Name: The remote database server is affected by multiple vulnerabilities. File: oracle_rdbms_cpu_oct_2014.nasl - Type: ACT_GATHER_INFO |
| 2014-10-12 | Name: The remote Amazon Linux AMI host is missing a security update. File: ala_ALAS-2014-344.nasl - Type: ACT_GATHER_INFO |
| 2014-10-10 | Name: The remote device is missing a vendor-supplied security patch. File: f5_bigip_SOL15189.nasl - Type: ACT_GATHER_INFO |
| 2014-09-17 | Name: The remote host has a virtualization management application installed that is... File: vmware_vcenter_vmsa-2014-0008.nasl - Type: ACT_GATHER_INFO |
| 2014-09-11 | Name: The remote VMware ESXi host is missing a security-related patch. File: vmware_VMSA-2014-0008.nasl - Type: ACT_GATHER_INFO |
| 2014-08-04 | Name: The remote application server is affected by multiple vulnerabilities. File: websphere_8_0_0_9.nasl - Type: ACT_GATHER_INFO |
| 2014-08-01 | Name: The remote application server is affected by multiple vulnerabilities. File: websphere_7_0_0_33.nasl - Type: ACT_GATHER_INFO |
| 2014-07-10 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20140709_tomcat6_on_SL6_x.nasl - Type: ACT_GATHER_INFO |
| 2014-07-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2014-0865.nasl - Type: ACT_GATHER_INFO |
| 2014-07-10 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2014-0865.nasl - Type: ACT_GATHER_INFO |
| 2014-07-10 | Name: The remote CentOS host is missing one or more security updates. File: centos_RHSA-2014-0865.nasl - Type: ACT_GATHER_INFO |
| 2014-07-07 | Name: The remote host has a virtualization appliance installed that is affected by ... File: vcenter_operations_manager_vmsa_2014-0007.nasl - Type: ACT_GATHER_INFO |
| 2014-06-26 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2014-0526.nasl - Type: ACT_GATHER_INFO |
| 2014-06-26 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2014-0525.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2014-298.nasl - Type: ACT_GATHER_INFO |
| 2014-06-13 | Name: The remote openSUSE host is missing a security update. File: openSUSE-2014-297.nasl - Type: ACT_GATHER_INFO |
