National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:oracle:application_server:
There are 22 matching records.
Displaying matches 21 through 22.
Vuln ID Summary CVSS Severity

Multiple components in Oracle 9i Application Server (9iAS) are installed with over 160 default usernames and passwords, including (1) SYS, (2) SYSTEM, (3) AQJAVA, (4) OWA, (5) IMAGEUSER, (6) USER1, (7) USER2, (8) PLSQL, (9) DEMO, (10) FINANCE, and many others, which allows attackers to gain privileges.

Published: February 26, 2002; 12:00:00 AM -05:00
    V2: 4.6 MEDIUM

Buffer overflow in shared library for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server, allows remote attackers to execute arbitrary commands via a long HTTP request that is passed to the application server, such as /jsp/.

Published: July 02, 2001; 12:00:00 AM -04:00
    V2: 7.5 HIGH