Oracle Secure Global Desktop 5.3

CPE Details

Oracle Secure Global Desktop 5.3
oracle
secure_global_desktop
5.3
2019-03-28
16h51 +00:00
2021-04-21
12h36 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oracle:secure_global_desktop:5.3:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

secure_global_desktop

Version

5.3

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-1304 2018-02-28 20h00 +00:00 The URL pattern of "" (the empty string) which exactly maps to the context root was not correctly handled in Apache Tomcat 9.0.0.M1 to 9.0.4, 8.5.0 to 8.5.27, 8.0.0.RC1 to 8.0.49 and 7.0.0 to 7.0.84 when used as part of a security constraint definition. This caused the constraint to be ignored. It was, therefore, possible for unauthorised users to gain access to web application resources that should have been protected. Only security constraints with a URL pattern of the empty string were affected.
5.9
Medium
CVE-2017-9788 2017-07-13 16h00 +00:00 In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.
9.1
Critical
CVE-2017-3167 2017-06-19 23h00 +00:00 In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.
9.8
Critical
CVE-2017-7668 2017-06-19 23h00 +00:00 The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
7.5
High