Oracle Application Server vulnerabilities

CVE-2007-0222 [MEDIUM] CVE-2007-0222: Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Se Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is un

CVE-2007-0281 [MEDIUM] CVE-2007-0281: Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04.

CVE-2007-0289 [MEDIUM] CVE-2007-0289: Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and a Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and attack vectors related to Oracle Containers for J2EE, aka (1) OC4J01, (2) OC4J05, and (3) OC4J06.

CVE-2007-0287 [LOW] CVE-2007-0287: Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Coll Unspecified vulnerability in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.2; and Collaboration Suite 9.0.4.2 and 10.1.2; has unknown impact and attack vectors related to Containers for J2EE, aka OC4J08.

CVE-2007-0282 [LOW] CVE-2007-0282: Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application Server 9.0.4.2 and 10.1.2.0.0, and Collaboration Suite 9.0.4.2 has unknown impact and attack vectors related to the Oracle Process Mgmt & Notification component, aka OPMN02.

CVE-2007-0288 [LOW] CVE-2007-0288: Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vector Unspecified vulnerability in Oracle Application Server 10.1.4.0 has unknown impact and attack vectors related to Oracle Internet Directory, aka OID01.

CVE-2007-0286 [LOW] CVE-2007-0286: Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Su Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and 10.1.3.0, and Collaboration Suite 10.1.2, has unknown impact and attack vectors related to Containers for J2EE, aka OC4J07.

CVE-2007-0275 [LOW] CWE-79 CVE-2007-0275: Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow C Cross-site scripting (XSS) vulnerability in Oracle Reports Web Cartridge (RWCGI60) in the Workflow Cartridge component, as used in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.2; Collaboration Suite 10.1.2; and Oracle E-Business Suite and Applications 11.5.10CU2; allows remote authenticated users to i

CVE-2006-5358 [CRITICAL] CVE-2006-5358: Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.3 and 10.1.2. Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2 has unknown impact and remote attack vectors, aka Vuln# FORM01.

CVE-2006-5355 [CRITICAL] CVE-2006-5355: Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 1 Unspecified vulnerability in Oracle Single Sign-On component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0, Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# SSO01.

CVE-2006-5354 [CRITICAL] CVE-2006-5354: Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10 Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0, racle Collaboration Suite 9.0.4.2 and 10.1.2, and Oracle E-Business Suite and Applications 11.5.10CU2 has unknown impact and remote attack vectors, aka Vuln# OHS06.

CVE-2006-5353 [CRITICAL] CVE-2006-5353: Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1 Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors related to the Mod_rewrite Module, aka Vuln# OHS01.

CVE-2006-5356 [CRITICAL] CVE-2006-5356: Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 9.0.4 Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 9.0.4.3, 10.1.2.0.2, and 10.1.2.1.0, and Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors, aka Vuln# OC4J02.

CVE-2006-5359 [CRITICAL] CVE-2006-5359: Multiple unspecified vulnerabilities in Oracle Reports Developer component in Oracle Application Ser Multiple unspecified vulnerabilities in Oracle Reports Developer component in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and Oracle E-Business Suite and Applications 11.5.10CU2, have unknown impact and remote attack vectors, aka Vuln# (1) REP01 and (2) REP02. NOTE: as of 20061027, Oracle has not disputed reports from a reliable researcher that these

CVE-2006-5362 [CRITICAL] CVE-2006-5362: Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 10.1. Unspecified vulnerability in Oracle Containers for J2EE component in Oracle Application Server 10.1.3.0.0 has unknown impact and remote attack vectors, aka Vuln# OC4J04.

CVE-2006-5366 [CRITICAL] CVE-2006-5366: Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and r Multiple unspecified vulnerabilities in Oracle Collaboration Suite 9.0.4.2 have unknown impact and remote attack vectors related to (1) Oracle Containers for J2EE, aka Vuln# OC4J01, and (2) Oracle Process Mgmt & Notification, aka OPMN01.

CVE-2006-5357 [CRITICAL] CVE-2006-5357: Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 10.1.2.0.1, 1 Unspecified vulnerability in Oracle HTTP Server component in Oracle Application Server 10.1.2.0.1, 10.1.2.0.2, and 10.1.2.1.0 has unknown impact and remote attack vectors related to the PHP Module, aka Vuln# OHS03.

CVE-2006-5361 [CRITICAL] CVE-2006-5361: Unspecified vulnerability in Oracle Containers for J2EE in Oracle Application Server 9.0.4.3, 10.1.2 Unspecified vulnerability in Oracle Containers for J2EE in Oracle Application Server 9.0.4.3, 10.1.2.0.0, and 10.1.2.0.1, and Oracle Collaboration Suite 9.0.4.2 and 10.1.2, has unknown impact and remote attack vectors, aka Vuln# OC4J03.

CVE-2006-5365 [CRITICAL] CVE-2006-5365: Unspecified vulnerability in Oracle Forms in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and E Unspecified vulnerability in Oracle Forms in Oracle Application Server 9.0.4.3 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10CU2, has unknown impact and remote attack vectors, aka Vuln# FORM02.

CVE-2006-5360 [CRITICAL] CVE-2006-5360: Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.2 has unknown Unspecified vulnerability in Oracle Forms component in Oracle Application Server 9.0.4.2 has unknown impact and remote attack vectors, aka Vuln# FORM03.