Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for internet_directory by oracle

    CVE-2019-0227 (GCVE-0-2019-0227)

    Vulnerability from nvd – Published: 2019-05-01 20:03 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • SSRF
    Assigner
    Impacted products
    Vendor Product Version
    Apache Apache Axis 1.4 Affected: Apache Axis 1.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:15.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/"
              },
              {
                "name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "name": "[axis-java-user] 20210928 [Axis2] Migration Issues",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r3a5baf5d76f1f2181be7f54da3deab70d7a38b5660b387583d05a8cd%40%3Cjava-user.axis.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Axis 1.4",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "Apache Axis 1.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SSRF",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-21T19:06:44.096Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "url": "https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/"
            },
            {
              "name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "[axis-java-user] 20210928 [Axis2] Migration Issues",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r3a5baf5d76f1f2181be7f54da3deab70d7a38b5660b387583d05a8cd%40%3Cjava-user.axis.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2019-0227",
        "datePublished": "2019-05-01T20:03:49.000Z",
        "dateReserved": "2018-11-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:15.943Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8032 (GCVE-0-2018-8032)

    Vulnerability from nvd – Published: 2018-08-02 13:00 – Updated: 2024-09-16 16:29
    VLAI

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:46:12.311Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E"
              },
              {
                "name": "[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E"
              },
              {
                "name": "[axis-java-dev] 20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://issues.apache.org/jira/browse/AXIS-2924"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "name": "[debian-lts-announce] 20211117 [SECURITY] [DLA 2821-1] axis security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Axis",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.x up to and including 1.4"
                }
              ]
            }
          ],
          "datePublic": "2018-07-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-21T19:08:01.869Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E"
            },
            {
              "name": "[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E"
            },
            {
              "name": "[axis-java-dev] 20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "url": "https://issues.apache.org/jira/browse/AXIS-2924"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "[debian-lts-announce] 20211117 [SECURITY] [DLA 2821-1] axis security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2018-8032",
        "datePublished": "2018-08-02T13:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:29:01.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2601 (GCVE-0-2018-2601)

    Vulnerability from nvd – Published: 2018-01-18 02:00 – Updated: 2024-10-03 20:42
    VLAI
    Summary
    Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory. While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory. CVSS 3.0 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory. While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory.
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/102553 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1040208 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Oracle Corporation Internet Directory Affected: 11.1.1.7.0
    Affected: 11.1.1.9.0
    Affected: 12.2.1.3.0
    Create a notification for this product.
    Date Public
    2018-01-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:34.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "name": "102553",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102553"
              },
              {
                "name": "1040208",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040208"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-2601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T19:19:39.311154Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T20:42:48.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Internet Directory",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.1.1.7.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.1.9.0"
                },
                {
                  "status": "affected",
                  "version": "12.2.1.3.0"
                }
              ]
            }
          ],
          "datePublic": "2018-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory. While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory. CVSS 3.0 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory.  While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-18T10:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "102553",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102553"
            },
            {
              "name": "1040208",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040208"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2018-2601",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Internet Directory",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "11.1.1.7.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "11.1.1.9.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "12.2.1.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory. While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory. CVSS 3.0 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory.  While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
                },
                {
                  "name": "102553",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102553"
                },
                {
                  "name": "1040208",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040208"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2018-2601",
        "datePublished": "2018-01-18T02:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-10-03T20:42:48.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0974 (GCVE-0-2001-0974)

    Vulnerability from nvd – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:37
    VLAI
    Summary
    Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/3048 vdb-entryx_refsource_BID
    http://www.cert.org/advisories/CA-2001-18.html third-party-advisoryx_refsource_CERT
    http://www.kb.cert.org/vuls/id/869184 third-party-advisoryx_refsource_CERT-VN
    http://www.ciac.org/ciac/bulletins/l-116.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    Date Public
    2001-07-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:37:07.016Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oracle-ldap-protos-format-string(6903)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6903"
              },
              {
                "name": "3048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3048"
              },
              {
                "name": "CA-2001-18",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.cert.org/advisories/CA-2001-18.html"
              },
              {
                "name": "VU#869184",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/869184"
              },
              {
                "name": "L-116",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/l-116.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-07-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-18T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oracle-ldap-protos-format-string(6903)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6903"
            },
            {
              "name": "3048",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3048"
            },
            {
              "name": "CA-2001-18",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.cert.org/advisories/CA-2001-18.html"
            },
            {
              "name": "VU#869184",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/869184"
            },
            {
              "name": "L-116",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/l-116.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0974",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oracle-ldap-protos-format-string(6903)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6903"
                },
                {
                  "name": "3048",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3048"
                },
                {
                  "name": "CA-2001-18",
                  "refsource": "CERT",
                  "url": "http://www.cert.org/advisories/CA-2001-18.html"
                },
                {
                  "name": "VU#869184",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/869184"
                },
                {
                  "name": "L-116",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/l-116.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0974",
        "datePublished": "2002-02-02T05:00:00.000Z",
        "dateReserved": "2002-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:37:07.016Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1321 (GCVE-0-2001-1321)

    Vulnerability from nvd – Published: 2002-05-03 04:00 – Updated: 2024-08-08 04:51
    VLAI
    Summary
    Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cert.org/advisories/CA-2001-18.html third-party-advisoryx_refsource_CERT
    http://www.ee.oulu.fi/research/ouspg/protos/testi… x_refsource_MISC
    http://ciac.llnl.gov/ciac/bulletins/l-116.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.kb.cert.org/vuls/id/869184 third-party-advisoryx_refsource_CERT-VN
    http://www.kb.cert.org/vuls/id/JPLA-4WESNV x_refsource_CONFIRM
    Date Public
    2001-07-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:51:08.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "CA-2001-18",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.cert.org/advisories/CA-2001-18.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/"
              },
              {
                "name": "L-116",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml"
              },
              {
                "name": "VU#869184",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/869184"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/JPLA-4WESNV"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-07-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-05-09T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "CA-2001-18",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.cert.org/advisories/CA-2001-18.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/"
            },
            {
              "name": "L-116",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml"
            },
            {
              "name": "VU#869184",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/869184"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kb.cert.org/vuls/id/JPLA-4WESNV"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1321",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "CA-2001-18",
                  "refsource": "CERT",
                  "url": "http://www.cert.org/advisories/CA-2001-18.html"
                },
                {
                  "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/",
                  "refsource": "MISC",
                  "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/"
                },
                {
                  "name": "L-116",
                  "refsource": "CIAC",
                  "url": "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml"
                },
                {
                  "name": "VU#869184",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/869184"
                },
                {
                  "name": "http://www.kb.cert.org/vuls/id/JPLA-4WESNV",
                  "refsource": "CONFIRM",
                  "url": "http://www.kb.cert.org/vuls/id/JPLA-4WESNV"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1321",
        "datePublished": "2002-05-03T04:00:00.000Z",
        "dateReserved": "2002-05-01T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:51:08.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0975 (GCVE-0-2001-0975)

    Vulnerability from nvd – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:37
    VLAI
    Summary
    Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cert.org/advisories/CA-2001-18.html third-party-advisoryx_refsource_CERT
    http://otn.oracle.com/deploy/security/pdf/oid_cer… x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/869184 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/bid/3047 vdb-entryx_refsource_BID
    http://www.ciac.org/ciac/bulletins/l-116.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2001-07-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:37:07.064Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "CA-2001-18",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.cert.org/advisories/CA-2001-18.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf"
              },
              {
                "name": "VU#869184",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/869184"
              },
              {
                "name": "3047",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3047"
              },
              {
                "name": "L-116",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/l-116.shtml"
              },
              {
                "name": "oracle-ldap-protos-bo(6902)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6902"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-07-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-18T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "CA-2001-18",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.cert.org/advisories/CA-2001-18.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf"
            },
            {
              "name": "VU#869184",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/869184"
            },
            {
              "name": "3047",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3047"
            },
            {
              "name": "L-116",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/l-116.shtml"
            },
            {
              "name": "oracle-ldap-protos-bo(6902)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6902"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0975",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "CA-2001-18",
                  "refsource": "CERT",
                  "url": "http://www.cert.org/advisories/CA-2001-18.html"
                },
                {
                  "name": "http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf"
                },
                {
                  "name": "VU#869184",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/869184"
                },
                {
                  "name": "3047",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3047"
                },
                {
                  "name": "L-116",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/l-116.shtml"
                },
                {
                  "name": "oracle-ldap-protos-bo(6902)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6902"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0975",
        "datePublished": "2002-02-02T05:00:00.000Z",
        "dateReserved": "2002-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:37:07.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0300 (GCVE-0-2001-0300)

    Vulnerability from nvd – Published: 2001-04-04 04:00 – Updated: 2024-08-08 04:14
    VLAI
    Summary
    oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/610904 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2000-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:14:07.425Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20001222 vulnerability #2 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0434.html"
              },
              {
                "name": "oracle-oidldap-write-permission(5804)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5804"
              },
              {
                "name": "VU#610904",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/610904"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2000-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20001222 vulnerability #2 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0434.html"
            },
            {
              "name": "oracle-oidldap-write-permission(5804)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5804"
            },
            {
              "name": "VU#610904",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/610904"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0300",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20001222 vulnerability #2 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0434.html"
                },
                {
                  "name": "oracle-oidldap-write-permission(5804)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5804"
                },
                {
                  "name": "VU#610904",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/610904"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0300",
        "datePublished": "2001-04-04T04:00:00.000Z",
        "dateReserved": "2001-04-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:14:07.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2000-0987 (GCVE-0-2000-0987)

    Vulnerability from nvd – Published: 2000-11-29 05:00 – Updated: 2024-08-08 05:37
    VLAI
    Summary
    Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/140340 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/140709 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2000-10-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T05:37:32.210Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20001018 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/140340"
              },
              {
                "name": "20001020 In response to posting 10/18/2000 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/140709"
              },
              {
                "name": "oracle-oidldap-bo(5401)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5401"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2000-10-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long \"connect\" command line parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-18T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20001018 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/140340"
            },
            {
              "name": "20001020 In response to posting 10/18/2000 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/140709"
            },
            {
              "name": "oracle-oidldap-bo(5401)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5401"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2000-0987",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long \"connect\" command line parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20001018 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/140340"
                },
                {
                  "name": "20001020 In response to posting 10/18/2000 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/140709"
                },
                {
                  "name": "oracle-oidldap-bo(5401)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5401"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2000-0987",
        "datePublished": "2000-11-29T05:00:00.000Z",
        "dateReserved": "2000-11-24T00:00:00.000Z",
        "dateUpdated": "2024-08-08T05:37:32.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0227 (GCVE-0-2019-0227)

    Vulnerability from cvelistv5 – Published: 2019-05-01 20:03 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.
    Severity
    No CVSS data available.
    CWE
    • SSRF
    Assigner
    Impacted products
    Vendor Product Version
    Apache Apache Axis 1.4 Affected: Apache Axis 1.4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:15.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/"
              },
              {
                "name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "name": "[axis-java-user] 20210928 [Axis2] Migration Issues",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/r3a5baf5d76f1f2181be7f54da3deab70d7a38b5660b387583d05a8cd%40%3Cjava-user.axis.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Axis 1.4",
              "vendor": "Apache",
              "versions": [
                {
                  "status": "affected",
                  "version": "Apache Axis 1.4"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SSRF",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-21T19:06:44.096Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "url": "https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/"
            },
            {
              "name": "[announce] 20200131 Apache Software Foundation Security Report: 2019",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "[axis-java-user] 20210928 [Axis2] Migration Issues",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/r3a5baf5d76f1f2181be7f54da3deab70d7a38b5660b387583d05a8cd%40%3Cjava-user.axis.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2019-0227",
        "datePublished": "2019-05-01T20:03:49.000Z",
        "dateReserved": "2018-11-14T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:15.943Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-8032 (GCVE-0-2018-8032)

    Vulnerability from cvelistv5 – Published: 2018-08-02 13:00 – Updated: 2024-09-16 16:29
    VLAI

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T06:46:12.311Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E"
              },
              {
                "name": "[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E"
              },
              {
                "name": "[axis-java-dev] 20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://issues.apache.org/jira/browse/AXIS-2924"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
              },
              {
                "name": "[debian-lts-announce] 20211117 [SECURITY] [DLA 2821-1] axis security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Apache Axis",
              "vendor": "Apache Software Foundation",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.x up to and including 1.4"
                }
              ]
            }
          ],
          "datePublic": "2018-07-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site Scripting",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-06-21T19:08:01.869Z",
            "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
            "shortName": "apache"
          },
          "references": [
            {
              "name": "[axis-java-dev] 20180708 [jira] [Created] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "http://mail-archives.apache.org/mod_mbox/axis-java-dev/201807.mbox/%3CJIRA.13170716.1531060536000.93536.1531060560060%40Atlassian.JIRA%3E"
            },
            {
              "name": "[axis-java-dev] 20190925 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/d06ed5e4eeb77d00e8d594ec01ee8ee1cba173a01ac4b18f1579d041%40%3Cjava-dev.axis.apache.org%3E"
            },
            {
              "name": "[axis-java-dev] 20190929 [jira] [Commented] (AXIS-2924) CVE-2018-8032 XSS vulnerability",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.apache.org/thread.html/3b89bc9e9d055db7eba8835ff6501f3f5db99d2a0928ec0be9b1d17b%40%3Cjava-dev.axis.apache.org%3E"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "url": "https://issues.apache.org/jira/browse/AXIS-2924"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "[debian-lts-announce] 20211117 [SECURITY] [DLA 2821-1] axis security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00015.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "assignerShortName": "apache",
        "cveId": "CVE-2018-8032",
        "datePublished": "2018-08-02T13:00:00.000Z",
        "dateReserved": "2018-03-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T16:29:01.816Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-2601 (GCVE-0-2018-2601)

    Vulnerability from cvelistv5 – Published: 2018-01-18 02:00 – Updated: 2024-10-03 20:42
    VLAI
    Summary
    Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory. While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory. CVSS 3.0 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory. While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory.
    Assigner
    References
    URL Tags
    http://www.oracle.com/technetwork/security-adviso… x_refsource_CONFIRM
    http://www.securityfocus.com/bid/102553 vdb-entryx_refsource_BID
    http://www.securitytracker.com/id/1040208 vdb-entryx_refsource_SECTRACK
    Impacted products
    Vendor Product Version
    Oracle Corporation Internet Directory Affected: 11.1.1.7.0
    Affected: 11.1.1.9.0
    Affected: 12.2.1.3.0
    Create a notification for this product.
    Date Public
    2018-01-03 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T04:21:34.398Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
              },
              {
                "name": "102553",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/102553"
              },
              {
                "name": "1040208",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://www.securitytracker.com/id/1040208"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2018-2601",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-03T19:19:39.311154Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-03T20:42:48.024Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Internet Directory",
              "vendor": "Oracle Corporation",
              "versions": [
                {
                  "status": "affected",
                  "version": "11.1.1.7.0"
                },
                {
                  "status": "affected",
                  "version": "11.1.1.9.0"
                },
                {
                  "status": "affected",
                  "version": "12.2.1.3.0"
                }
              ]
            }
          ],
          "datePublic": "2018-01-03T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory. While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory. CVSS 3.0 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory.  While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory.",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-01-18T10:57:01.000Z",
            "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
            "shortName": "oracle"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "102553",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/102553"
            },
            {
              "name": "1040208",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://www.securitytracker.com/id/1040208"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert_us@oracle.com",
              "ID": "CVE-2018-2601",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Internet Directory",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "=",
                                "version_value": "11.1.1.7.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "11.1.1.9.0"
                              },
                              {
                                "version_affected": "=",
                                "version_value": "12.2.1.3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Oracle Corporation"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory. While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory. CVSS 3.0 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory.  While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products.  Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory."
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
                },
                {
                  "name": "102553",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/102553"
                },
                {
                  "name": "1040208",
                  "refsource": "SECTRACK",
                  "url": "http://www.securitytracker.com/id/1040208"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "assignerShortName": "oracle",
        "cveId": "CVE-2018-2601",
        "datePublished": "2018-01-18T02:00:00.000Z",
        "dateReserved": "2017-12-15T00:00:00.000Z",
        "dateUpdated": "2024-10-03T20:42:48.024Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-1321 (GCVE-0-2001-1321)

    Vulnerability from cvelistv5 – Published: 2002-05-03 04:00 – Updated: 2024-08-08 04:51
    VLAI
    Summary
    Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cert.org/advisories/CA-2001-18.html third-party-advisoryx_refsource_CERT
    http://www.ee.oulu.fi/research/ouspg/protos/testi… x_refsource_MISC
    http://ciac.llnl.gov/ciac/bulletins/l-116.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    http://www.kb.cert.org/vuls/id/869184 third-party-advisoryx_refsource_CERT-VN
    http://www.kb.cert.org/vuls/id/JPLA-4WESNV x_refsource_CONFIRM
    Date Public
    2001-07-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:51:08.423Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "CA-2001-18",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.cert.org/advisories/CA-2001-18.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/"
              },
              {
                "name": "L-116",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml"
              },
              {
                "name": "VU#869184",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/869184"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/JPLA-4WESNV"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-07-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2002-05-09T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "CA-2001-18",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.cert.org/advisories/CA-2001-18.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/"
            },
            {
              "name": "L-116",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml"
            },
            {
              "name": "VU#869184",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/869184"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kb.cert.org/vuls/id/JPLA-4WESNV"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-1321",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "CA-2001-18",
                  "refsource": "CERT",
                  "url": "http://www.cert.org/advisories/CA-2001-18.html"
                },
                {
                  "name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/",
                  "refsource": "MISC",
                  "url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c06/ldapv3/"
                },
                {
                  "name": "L-116",
                  "refsource": "CIAC",
                  "url": "http://ciac.llnl.gov/ciac/bulletins/l-116.shtml"
                },
                {
                  "name": "VU#869184",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/869184"
                },
                {
                  "name": "http://www.kb.cert.org/vuls/id/JPLA-4WESNV",
                  "refsource": "CONFIRM",
                  "url": "http://www.kb.cert.org/vuls/id/JPLA-4WESNV"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-1321",
        "datePublished": "2002-05-03T04:00:00.000Z",
        "dateReserved": "2002-05-01T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:51:08.423Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0975 (GCVE-0-2001-0975)

    Vulnerability from cvelistv5 – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:37
    VLAI
    Summary
    Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.cert.org/advisories/CA-2001-18.html third-party-advisoryx_refsource_CERT
    http://otn.oracle.com/deploy/security/pdf/oid_cer… x_refsource_CONFIRM
    http://www.kb.cert.org/vuls/id/869184 third-party-advisoryx_refsource_CERT-VN
    http://www.securityfocus.com/bid/3047 vdb-entryx_refsource_BID
    http://www.ciac.org/ciac/bulletins/l-116.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2001-07-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:37:07.064Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "CA-2001-18",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.cert.org/advisories/CA-2001-18.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf"
              },
              {
                "name": "VU#869184",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/869184"
              },
              {
                "name": "3047",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3047"
              },
              {
                "name": "L-116",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/l-116.shtml"
              },
              {
                "name": "oracle-ldap-protos-bo(6902)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6902"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-07-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-18T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "CA-2001-18",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.cert.org/advisories/CA-2001-18.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf"
            },
            {
              "name": "VU#869184",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/869184"
            },
            {
              "name": "3047",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3047"
            },
            {
              "name": "L-116",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/l-116.shtml"
            },
            {
              "name": "oracle-ldap-protos-bo(6902)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6902"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0975",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "CA-2001-18",
                  "refsource": "CERT",
                  "url": "http://www.cert.org/advisories/CA-2001-18.html"
                },
                {
                  "name": "http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf",
                  "refsource": "CONFIRM",
                  "url": "http://otn.oracle.com/deploy/security/pdf/oid_cert_bof.pdf"
                },
                {
                  "name": "VU#869184",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/869184"
                },
                {
                  "name": "3047",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3047"
                },
                {
                  "name": "L-116",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/l-116.shtml"
                },
                {
                  "name": "oracle-ldap-protos-bo(6902)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6902"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0975",
        "datePublished": "2002-02-02T05:00:00.000Z",
        "dateReserved": "2002-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:37:07.064Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0974 (GCVE-0-2001-0974)

    Vulnerability from cvelistv5 – Published: 2002-02-02 05:00 – Updated: 2024-08-08 04:37
    VLAI
    Summary
    Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.securityfocus.com/bid/3048 vdb-entryx_refsource_BID
    http://www.cert.org/advisories/CA-2001-18.html third-party-advisoryx_refsource_CERT
    http://www.kb.cert.org/vuls/id/869184 third-party-advisoryx_refsource_CERT-VN
    http://www.ciac.org/ciac/bulletins/l-116.shtml third-party-advisorygovernment-resourcex_refsource_CIAC
    Date Public
    2001-07-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:37:07.016Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "oracle-ldap-protos-format-string(6903)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6903"
              },
              {
                "name": "3048",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/3048"
              },
              {
                "name": "CA-2001-18",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT",
                  "x_transferred"
                ],
                "url": "http://www.cert.org/advisories/CA-2001-18.html"
              },
              {
                "name": "VU#869184",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/869184"
              },
              {
                "name": "L-116",
                "tags": [
                  "third-party-advisory",
                  "government-resource",
                  "x_refsource_CIAC",
                  "x_transferred"
                ],
                "url": "http://www.ciac.org/ciac/bulletins/l-116.shtml"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2001-07-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-18T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "oracle-ldap-protos-format-string(6903)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6903"
            },
            {
              "name": "3048",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/3048"
            },
            {
              "name": "CA-2001-18",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT"
              ],
              "url": "http://www.cert.org/advisories/CA-2001-18.html"
            },
            {
              "name": "VU#869184",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/869184"
            },
            {
              "name": "L-116",
              "tags": [
                "third-party-advisory",
                "government-resource",
                "x_refsource_CIAC"
              ],
              "url": "http://www.ciac.org/ciac/bulletins/l-116.shtml"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0974",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "oracle-ldap-protos-format-string(6903)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6903"
                },
                {
                  "name": "3048",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/3048"
                },
                {
                  "name": "CA-2001-18",
                  "refsource": "CERT",
                  "url": "http://www.cert.org/advisories/CA-2001-18.html"
                },
                {
                  "name": "VU#869184",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/869184"
                },
                {
                  "name": "L-116",
                  "refsource": "CIAC",
                  "url": "http://www.ciac.org/ciac/bulletins/l-116.shtml"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0974",
        "datePublished": "2002-02-02T05:00:00.000Z",
        "dateReserved": "2002-01-31T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:37:07.016Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2001-0300 (GCVE-0-2001-0300)

    Vulnerability from cvelistv5 – Published: 2001-04-04 04:00 – Updated: 2024-08-08 04:14
    VLAI
    Summary
    oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://archives.neohapsis.com/archives/bugtraq/20… mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    http://www.kb.cert.org/vuls/id/610904 third-party-advisoryx_refsource_CERT-VN
    Date Public
    2000-12-22 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T04:14:07.425Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20001222 vulnerability #2 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0434.html"
              },
              {
                "name": "oracle-oidldap-write-permission(5804)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5804"
              },
              {
                "name": "VU#610904",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_CERT-VN",
                  "x_transferred"
                ],
                "url": "http://www.kb.cert.org/vuls/id/610904"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2000-12-22T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-07-10T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20001222 vulnerability #2 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0434.html"
            },
            {
              "name": "oracle-oidldap-write-permission(5804)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5804"
            },
            {
              "name": "VU#610904",
              "tags": [
                "third-party-advisory",
                "x_refsource_CERT-VN"
              ],
              "url": "http://www.kb.cert.org/vuls/id/610904"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2001-0300",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20001222 vulnerability #2 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2000-12/0434.html"
                },
                {
                  "name": "oracle-oidldap-write-permission(5804)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5804"
                },
                {
                  "name": "VU#610904",
                  "refsource": "CERT-VN",
                  "url": "http://www.kb.cert.org/vuls/id/610904"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2001-0300",
        "datePublished": "2001-04-04T04:00:00.000Z",
        "dateReserved": "2001-04-04T00:00:00.000Z",
        "dateUpdated": "2024-08-08T04:14:07.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2000-0987 (GCVE-0-2000-0987)

    Vulnerability from cvelistv5 – Published: 2000-11-29 05:00 – Updated: 2024-08-08 05:37
    VLAI
    Summary
    Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/archive/1/140340 mailing-listx_refsource_BUGTRAQ
    http://www.securityfocus.com/archive/1/140709 mailing-listx_refsource_BUGTRAQ
    https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
    Date Public
    2000-10-18 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-08T05:37:32.210Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "20001018 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/140340"
              },
              {
                "name": "20001020 In response to posting 10/18/2000 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/140709"
              },
              {
                "name": "oracle-oidldap-bo(5401)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5401"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2000-10-18T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long \"connect\" command line parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2017-12-18T21:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "20001018 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/140340"
            },
            {
              "name": "20001020 In response to posting 10/18/2000 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/140709"
            },
            {
              "name": "oracle-oidldap-bo(5401)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5401"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2000-0987",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long \"connect\" command line parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "20001018 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/140340"
                },
                {
                  "name": "20001020 In response to posting 10/18/2000 vulnerability in Oracle Internet Directory in Oracle 8.1.6",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/140709"
                },
                {
                  "name": "oracle-oidldap-bo(5401)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5401"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2000-0987",
        "datePublished": "2000-11-29T05:00:00.000Z",
        "dateReserved": "2000-11-24T00:00:00.000Z",
        "dateUpdated": "2024-08-08T05:37:32.210Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }