This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Oracle First view 2000-12-31
Product Application Server Last view 2018-11-15
Version 1.0.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:oracle:application_server

Activity : Overall

Related : CVE

  Date Alert Description
4.7 2018-11-15 CVE-2018-5407

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.

5.9 2018-10-29 CVE-2018-0735

The OpenSSL ECDSA signature algorithm has been shown to be vulnerable to a timing side channel attack. An attacker could use variations in the signing algorithm to recover the private key. Fixed in OpenSSL 1.1.0j (Affected 1.1.0-1.1.0i). Fixed in OpenSSL 1.1.1a (Affected 1.1.1).

7.5 2000-12-31 CVE-2000-1236

SQL injection vulnerability in mod_sql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the query string of the URL.

5 2000-12-31 CVE-2000-1235

The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-320 Key Management Errors
50% (1) CWE-200 Information Exposure

Open Source Vulnerability Database (OSVDB)

id Description
20190 Oracle Internet Application Server (IAS) WebDB/Portal Component mod_sql URL Q...
20187 Oracle Internet Application Server (IAS) WebDB/Portal Component Port Listener...
706 Oracle Internet Application Server (IAS) WebDB/Portal Component mod_plsql Req...

Nessus® Vulnerability Scanner

id Description
2019-01-18 Name: The remote Fedora host is missing a security update.
File: fedora_2019-a8ffcff7ee.nasl - Type: ACT_GATHER_INFO
2019-01-02 Name: Tenable Nessus running on the remote host is affected by multiple vulnerabili...
File: nessus_tns_2018_16.nasl - Type: ACT_GATHER_INFO
2019-01-02 Name: Tenable Nessus running on the remote host is affected by multiple vulnerabili...
File: nessus_tns_2018_17.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1434.nasl - Type: ACT_GATHER_INFO
2018-12-28 Name: Node.js - JavaScript run-time environment is affected by multiple vulnerabili...
File: nodejs_2018_nov.nasl - Type: ACT_GATHER_INFO
2018-12-20 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4355.nasl - Type: ACT_GATHER_INFO
2018-12-10 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_2a86f45afc3c11e8a41400155d006b02.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4348.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-325-01.nasl - Type: ACT_GATHER_INFO
2018-11-23 Name: The remote Debian host is missing a security update.
File: debian_DLA-1586.nasl - Type: ACT_GATHER_INFO
2018-11-13 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_6f170cf2e6b711e8a9a8b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2018-10-30 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_238ae7dedba211e8b713b499baebfeaf.nasl - Type: ACT_GATHER_INFO
2012-01-24 Name: The remote web server may be affected by multiple vulnerabilities.
File: oracle_application_server_pci.nasl - Type: ACT_GATHER_INFO
2002-02-07 Name: Sensitive resources can be accessed.
File: oracle9i_dad_admin.nasl - Type: ACT_GATHER_INFO