Oracle HTTP Server

CPE Details

Oracle HTTP Server
oracle
http_server
-
2007-08-23
19h05 +00:00
2009-06-03
17h42 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:oracle:http_server:-:*:*:*:*:*:*:*

Informations

Vendor

oracle

Product

http_server

Version

-

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-44224 2021-12-20 10h20 +00:00 A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to 2.4.51 (included).
8.2
High
CVE-2009-1955 2009-06-06 16h00 +00:00 The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
7.5
High
CVE-1999-1125 2001-09-12 02h00 +00:00 Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file.
10