Latest Oracle HTTP Server Vulnerabilities

Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows u...
Oracle HTTP Server=12.2.1.4.0
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OHS Config MBeans). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulne...
Oracle HTTP Server=12.2.1.3.0
Oracle HTTP Server=12.2.1.4.0
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
Dell Bsafe Crypto-c-micro-edition<4.1.5
Dell Bsafe Micro-edition-suite<4.6
Oracle Database=12.1.0.2
Oracle Database=19c
Oracle Database=21c
Oracle HTTP Server=12.2.1.3.0
and 5 more
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain a Use of Insufficiently Random Values Vulnerability.
Dell Bsafe Crypto-c-micro-edition<4.1.5
Dell Bsafe Micro-edition-suite<4.6
Oracle Database=12.1.0.2
Oracle Database=19c
Oracle Database=21c
Oracle HTTP Server=12.2.1.3.0
and 5 more
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
Dell Bsafe Crypto-c-micro-edition<4.1.5
Dell Bsafe Micro-edition-suite<4.6
Oracle Database=12.1.0.2
Oracle Database=19c
Oracle Database=21c
Oracle HTTP Server=12.2.1.3.0
and 5 more
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
Dell Bsafe Crypto-c-micro-edition<4.1.5
Dell Bsafe Micro-edition-suite<4.6
Oracle Database=12.1.0.2
Oracle Database=19c
Oracle Database=21c
Oracle HTTP Server=12.2.1.3.0
and 5 more
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability.
Dell Bsafe Crypto-c-micro-edition<4.1.5
Dell Bsafe Micro-edition-suite<4.5.2
Oracle Database=12.1.0.2
Oracle Database=19c
Oracle Database=21c
Oracle HTTP Server=12.2.1.3.0
and 5 more
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability.
Dell Bsafe Crypto-c-micro-edition<4.1.5
Dell Bsafe Micro-edition-suite<4.6
Oracle Database=12.1.0.2
Oracle Database=19c
Oracle Database=21c
Oracle HTTP Server=12.2.1.3.0
and 5 more
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Observable Timing Discrepancy Vulnerability.
Dell Bsafe Crypto-c-micro-edition<4.1.5
Dell Bsafe Micro-edition-suite<4.5.2
Oracle Database=12.1.0.2
Oracle Database=19c
Oracle Database=21c
Oracle HTTP Server=12.2.1.3.0
and 5 more
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability.
Dell Bsafe Crypto-c-micro-edition<4.1.4
Dell Bsafe Micro-edition-suite<4.4
Oracle Database=12.1.0.2
Oracle Database=19c
Oracle Database=21c
Oracle HTTP Server=12.2.1.3.0
and 5 more
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain an Improper Certificate Validation vulnerability.
Dell Bsafe Micro-edition-suite<4.5.1
Oracle HTTP Server=12.2.1.3.0
Oracle HTTP Server=12.2.1.4.0
Oracle Security Service=12.2.1.3.0
Oracle Security Service=12.2.1.4.0
Oracle Weblogic Server Proxy Plug-in=12.2.1.3.0
and 1 more
Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability.
Dell Bsafe Micro-edition-suite<4.5.1
Oracle Database=12.1.0.2
Oracle Database=19c
Oracle Database=21c
Oracle HTTP Server=12.2.1.3.0
Oracle HTTP Server=12.2.1.4.0
and 4 more
A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.
Apple Catalina
Apple macOS Big Sur<11.6.6
Apple macOS Monterey<12.4
Apache HTTP server<=2.4.52
Debian Debian Linux=9.0
Fedoraproject Fedora=34
and 24 more
An out-of-bounds read/write vulnerability was found in the mod_sed module of httpd. This flaw allows an attacker to overwrite the memory of an httpd instance that is using mod_sed with data provided b...
redhat/httpd<2.4.53
redhat/jbcs-httpd24-httpd<0:2.4.51-37.el8
redhat/jbcs-httpd24-httpd<0:2.4.51-37.el7
redhat/httpd<0:2.4.53-7.el9
redhat/httpd24-httpd<0:2.4.34-23.el7.5
Apache HTTP server>=2.4.0<=2.4.52
and 7 more
A flaw was found in httpd. The inbound connection is not closed when it fails to discard the request body, which may expose the server to HTTP request smuggling.
redhat/jbcs-httpd24-apr-util<0:1.6.1-91.el8
redhat/jbcs-httpd24-curl<0:7.78.0-3.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-80.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-41.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-11.el8
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-11.el8
and 42 more
A flaw was found in httpd, where it incorrectly limits the value of the LimitXMLRequestBody option. This issue can lead to an integer overflow and later causes an out-of-bounds write.
Apple Catalina
Apple macOS Big Sur<11.6.6
<12.4
Apache HTTP server<=2.4.52
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 26 more
### Impact The Twisted SSH client and server implementation naively accepted an infinite amount of data for the peer's SSH version identifier. A malicious peer can trivially craft a request that us...
Twistedmatrix Twisted>=21.7.0<22.2.0
Debian Debian Linux=9.0
Oracle HTTP Server=12.2.1.3.0
Oracle HTTP Server=12.2.1.4.0
Oracle ZFS Storage Appliance Kit=8.8
Fedoraproject Fedora=35
and 1 more
A flaw was found in expat. A stack exhaustion in doctype parsing could be triggered by a file with a large number of opening braces, resulting in a denial of service.
redhat/expat<2.4.5
redhat/mingw-expat<0:2.4.8-1.el8
redhat/expat<0:2.2.5-8.el8_6.2
redhat/expat<0:2.2.10-12.el9_0.2
debian/expat
Libexpat Project Libexpat<2.4.5
and 8 more
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in storeRawNames.
redhat/expat<2.4.5
redhat/expat<0:2.0.1-14.el6_10
redhat/firefox<0:91.7.0-3.el7_9
redhat/thunderbird<0:91.7.0-2.el7_9
redhat/expat<0:2.1.0-14.el7_9
redhat/firefox<0:91.7.0-3.el8_5
and 23 more
In Expat (aka libexpat) before 2.4.5, there is an integer overflow in copyString.
Google Android
Libexpat Project Libexpat<2.4.5
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 8 more
xmlparse.c in Expat (aka libexpat) before 2.4.5 allows attackers to insert namespace-separator characters into namespace URIs.
redhat/expat<0:2.0.1-14.el6_10
redhat/firefox<0:91.7.0-3.el7_9
redhat/thunderbird<0:91.7.0-2.el7_9
redhat/expat<0:2.1.0-14.el7_9
redhat/firefox<0:91.7.0-3.el8_5
redhat/thunderbird<0:91.7.0-2.el8_5
and 40 more
xmltok_impl.c in Expat (aka libexpat) before 2.4.5 lacks certain validation of encoding, such as checks for whether a UTF-8 character is valid in a certain context.
redhat/expat<0:2.0.1-14.el6_10
redhat/firefox<0:91.7.0-3.el7_9
redhat/thunderbird<0:91.7.0-2.el7_9
redhat/expat<0:2.1.0-14.el7_9
redhat/firefox<0:91.7.0-3.el8_5
redhat/thunderbird<0:91.7.0-2.el8_5
and 47 more
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with lo...
Oracle HTTP Server=12.2.1.3.0
Oracle HTTP Server=12.2.1.4.0
Oracle ZFS Storage Appliance Kit=8.8
Oracle Solaris=11
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13;...
Oracle GraalVM=20.3.4
Oracle GraalVM=21.3.0
Oracle HTTP Server=12.2.1.3.0
Oracle HTTP Server=12.2.1.4.0
Oracle JDK=1.7.0-update321
Oracle JDK=1.8.0-update311
and 21 more
Infinite loop in the BitTorrent DHT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
Wireshark Wireshark>=3.4.0<=3.4.10
Wireshark Wireshark=3.6.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
Oracle HTTP Server=12.2.1.3.0
and 2 more
Crash in the pcapng file parser in Wireshark 3.6.0 allows denial of service via crafted capture file
Wireshark Wireshark=3.6.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Oracle HTTP Server=12.2.1.3.0
Oracle HTTP Server=12.2.1.4.0
Oracle ZFS Storage Appliance Kit=8.8
Crash in the RFC 7468 dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
Wireshark Wireshark>=3.4.0<3.4.11
Wireshark Wireshark=3.6.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Oracle HTTP Server=12.2.1.3.0
Oracle HTTP Server=12.2.1.4.0
and 1 more
Crash in the Sysdig Event dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
Wireshark Wireshark>=3.4.0<3.4.11
Wireshark Wireshark=3.6.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
Oracle HTTP Server=12.2.1.3.0
and 2 more
Infinite loop in the RTMPT dissector in Wireshark 3.6.0 and 3.4.0 to 3.4.10 allows denial of service via packet injection or crafted capture file
Wireshark Wireshark>=3.4.0<3.4.11
Wireshark Wireshark=3.6.0
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
Oracle HTTP Server=12.2.1.3.0
and 2 more
apache. Multiple issues were addressed by updating apache to version 2.4.53.
Apple Catalina
Apple macOS Big Sur<11.6.6
<12.4
Apache HTTP server>=2.4.7<2.4.52
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 39 more
apache. Multiple issues were addressed by updating apache to version 2.4.53.
Apple Catalina
Apple macOS Big Sur<11.6.6
<12.4
Apache HTTP server<=2.4.51
Fedoraproject Fedora=34
Fedoraproject Fedora=35
and 40 more
lxml is a library for processing XML and HTML in the Python language. Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain crafted script content pass through, as well as script content ...
redhat/python-lxml<4.6.5
redhat/python-lxml<0:4.2.3-4.el8
redhat/python-lxml<0:4.7.1-1.el8
redhat/rh-python38-python-lxml<0:4.4.1-8.el7
debian/lxml
Lxml Lxml<4.6.5
and 15 more
ModSecurity 3.x through 3.0.5 mishandles excessively nested JSON objects. Crafted JSON objects with nesting tens-of-thousands deep could result in the web server being unable to service legitimate req...
Trustwave ModSecurity>=2.0.0<2.9.5
Trustwave ModSecurity>=3.0.0<3.0.6
F5 Nginx Modsecurity Waf=r24
F5 Nginx Modsecurity Waf=r25
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 10 more
Red Hat Polkit Out-of-Bounds Read and Write Vulnerability
redhat/polkit<0:0.96-11.el6_10.2
redhat/polkit<0:0.112-26.el7_9.1
redhat/polkit<0:0.112-12.el7_3.1
redhat/polkit<0:0.112-12.el7_4.2
redhat/polkit<0:0.112-18.el7_6.3
redhat/polkit<0:0.112-22.el7_7.2
and 62 more
In BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIN...
debian/bind9
ISC BIND>=9.3.0<9.11.36
ISC BIND>=9.12.0<9.16.22
ISC BIND>=9.17.0<9.17.19
ISC BIND=9.9.3-s1
ISC BIND=9.9.12-s1
and 46 more
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: OSSL Module). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows un...
Oracle HTTP Server=11.1.1.9.0
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 11.1.1.9.0. Difficult to exploit vulnerability allows u...
Oracle HTTP Server=11.1.1.9.0
sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs f...
debian/openssh<=1:7.9p1-10+deb10u2<=1:7.9p1-10<=1:8.4p1-5<=1:8.4p1-6
ubuntu/openssh<1:8.2
ubuntu/openssh<8.8
ubuntu/openssh<1:7.2
Openbsd Openssh>=6.2<8.8
Fedoraproject Fedora=33
and 21 more
ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affec...
Apache HTTP server<=2.4.48
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
Debian Debian Linux=10.0
Debian Debian Linux=11.0
and 16 more
Apache HTTP Server-Side Request Forgery (SSRF)
Apache HTTP server<=2.4.48
Fedoraproject Fedora=34
Fedoraproject Fedora=35
Debian Debian Linux=9.0
Debian Debian Linux=10.0
and 27 more
A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS). This issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).
redhat/httpd<2.4.49
redhat/jbcs-httpd24-httpd<0:2.4.51-28.el8
redhat/jbcs-httpd24-httpd<0:2.4.51-28.el7
redhat/httpd24-httpd<0:2.4.34-23.el7.5
debian/apache2
debian/uwsgi<=2.0.18-1<=2.0.19.1-7.1<=2.0.21-5.1<=2.0.22-4
and 20 more
Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.
redhat/jbcs-httpd24-apr<0:1.6.3-107.el8
redhat/jbcs-httpd24-apr-util<0:1.6.1-84.el8
redhat/jbcs-httpd24-curl<0:7.78.0-2.el8
redhat/jbcs-httpd24-httpd<0:2.4.37-78.el8
redhat/jbcs-httpd24-nghttp2<0:1.39.2-39.el8
redhat/jbcs-httpd24-openssl<1:1.1.1g-8.el8
and 38 more
Apache Portable Runtime=1.7.0
Oracle HTTP Server=12.2.1.3.0
Oracle HTTP Server=12.2.1.4.0
Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitabl...
Oracle HTTP Server=11.1.1.9.0
Oracle HTTP Server=12.2.1.3.0
Oracle HTTP Server=12.2.1.4.0
Python could provide weaker than expected security, caused by improper input validation in the urllib.parse module. By sending a specially-crafted request using \r and \n characters in the URL path. ...
redhat/python3<0:3.6.8-47.el8_6
redhat/rh-python38-babel<0:2.7.0-12.el7
redhat/rh-python38-python<0:3.8.11-2.el7
redhat/rh-python38-python-cryptography<0:2.8-5.el7
redhat/rh-python38-python-jinja2<0:2.10.3-6.el7
redhat/rh-python38-python-lxml<0:4.4.1-7.el7
and 31 more
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in...
Dell Bsafe Micro-edition-suite<4.5
Oracle Database=12.1.0.2
Oracle Database=12.2.0.1
Oracle Database=18c
Oracle Database=19c
Oracle HTTP Server=11.1.1.9.0
and 8 more
A null pointer dereference flaw was found in openssl. A remote attacker, able to control the arguments of the GENERAL_NAME_cmp function, could cause the application, compiled with openssl to crash res...
redhat/jbcs-httpd24-brotli<0:1.0.6-40.jbcs.el7
redhat/jbcs-httpd24-httpd<0:2.4.37-66.jbcs.el7
redhat/jbcs-httpd24-nghttp2<0:1.39.2-35.jbcs.el7
redhat/jbcs-httpd24-openssl<1:1.1.1g-3.jbcs.el7
redhat/jbcs-httpd24-openssl-chil<0:1.0.0-3.jbcs.el7
redhat/jbcs-httpd24-openssl-pkcs11<0:0.4.10-18.jbcs.el7
and 95 more
GNOME libxml2 is vulnerable to a buffer overflow, caused by improper bounds checking by the xmlEncodeEntitiesInternal function in libxml2/entities.c. By persuading a victim to open a specially-crafted...
IBM Security Verify Access<=10.0.0
Xmlsoft Libxml2=2.9.10
Debian Debian Linux=9.0
Fedoraproject Fedora=31
Fedoraproject Fedora=32
Fedoraproject Fedora=33
and 22 more
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability.
Dell Bsafe Crypto-c-micro-edition<4.1.5
Dell Bsafe Micro-edition-suite<4.6
Oracle Database=12.1.0.2
Oracle Database=19c
Oracle Database=21c
Oracle HTTP Server=12.2.1.3.0
and 5 more
Server or client applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake may crash due to a NULL pointer dereference as a result of incorrect handling of the "signatu...
debian/openssl
OpenSSL OpenSSL>=1.1.1d<=1.1.1f
Debian Debian Linux=9.0
Debian Debian Linux=10.0
FreeBSD FreeBSD=12.1
Fedoraproject Fedora=30
and 33 more
© 2024 SecAlerts Pty Ltd.