Vulnerability Name: CVE-2007-0281 (CCN-31541) Assigned: 2007-01-16 Published: 2007-01-16 Updated: 2017-07-29 Summary: Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, 9.2.0.8, 10.1.0.5, and 10.2.0.3; Application Server 9.0.4.3, 10.1.2.0.0, 10.1.2.0.1, 10.1.2.0.2, 10.1.2.1, and 10.1.3.0; and Collaboration Suite 9.0.4.2 and 10.1.2; have unknown impact and attack vectors related to the Oracle HTTP Server, aka (1) OHS03 and (2) OHS04. CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-Other Vulnerability Consequences: Informational References: Source: MITRECVE-2007-0268 CVE-2007-0269 CVE-2007-0270 CVE-2007-0271 CVE-2007-0272 CVE-2007-0273 CVE-2007-0274 CVE-2007-0275 CVE-2007-0276 CVE-2007-0277 CVE-2007-0278 CVE-2007-0279 CVE-2007-0280 CVE-2007-0281 CVE-2007-0282 CVE-2007-0283 CVE-2007-0284 CVE-2007-0285 CVE-2007-0286 CVE-2007-0287 CVE-2007-0288 CVE-2007-0289 CVE-2007-0290 CVE-2007-0291 CVE-2007-0292 CVE-2007-0293 CVE-2007-0294 CVE-2007-0295 CVE-2007-0296 CVE-2007-0297 32883 32884 Oracle Products Multiple Vulnerabilities 23794 Oracle Database and Other Products Have 52 Unspecified Vulnerabilities With Unspecified Impact 1017522 Oracle SYS.DBMS_AQ package vulnerable to PL/SQL injection Oracle Critical Patch Update Advisory - January 2007 http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html Oracle PeopleSoft PeopleTools PIA Component HTTP Unspecified Remote DoS Oracle PeopleSoft PeopleTools PIA Component HTTP Unspecified Information Disclosure Oracle PeopleSoft PeopleTools HTTP Unspecified Authenticated XSS Oracle Enterprise Manager Cloning & Data Guard Management Unspecified Information Disclosure Oracle HTTP Server SSL Module Unspecified Remote Issue (OHS01) Oracle HTTP Server SSL Module Unspecified Remote Issue (OHS02) Oracle HTTP Server Unspecified Issue (OHS03) Oracle HTTP Server Unspecified Issue (OHS04) Oracle HTTP Server SSL Module Unspecified Remote DoS (OHS05) Oracle HTTP Server SSL Module Unspecified Remote DoS (OHS06) Oracle HTTP Server Unspecified Information Disclosure Oracle E-Business Suite Application Object Library HTTP Authenticated Unspecified Issue Oracle E-Business Suite Exchange HTTP Negotiations User Unspecified Information Disclosure Oracle E-Business Suite Human Resources Administrator Unspecified Information Disclosure Oracle E-Business Suite Payables User Account Unspecified Information Disclosure Oracle E-Business Suite Trading Community Architecture Administrator Unspecified Information Disclosure Oracle E-Business Suite Web Applications Desktop Integrator Unspecified Issue Oracle Multiple Products Reports Developer HTTP Unspecified Issue Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J01) Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J02) Oracle Multiple Products Containers for J2EE HTTP Unspecified Information Disclosure (OC4J03) Oracle Multiple Products Containers for J2EE HTTP Unspecified Issue (OC4J04) Oracle Collaboration Suite Containers for J2EE HTTP Unspecified Information Disclosure (OC4J05) Oracle Collaboration Suite Containers for J2EE HTTP Unspecified Issue (OC4J06) Oracle Multiple Products Containers for J2EE Unauthenticated Unspecified Information Disclosure Oracle Multiple Products Containers for J2EE jazn.jar Local Information Disclosure Oracle Application Server Internet Directory LDAP Unspecified Information Disclosure Oracle Multiple Products Process Mgmt & Notification ONS OPMN Daemon Remote Format String (OPMN02) Oracle Multiple Products Workflow Cartridge rwcgi60 genuser Parameter XSS Oracle Database Change Data Capture sys.dbms_cdc_subscribe Unspecified Issue Oracle Database Advanced Security Option oklist / okdstry Unspecified Local Issue Oracle Database Export expdp / impdp Unspecified Local Issue Oracle Database NLS Runtime lmsgen Unspecified Local Issue Oracle Database Net Services tnslsnr Unspecified Local Issue Oracle Database Text ctxkbtc Unspecified Local Issue Oracle Database Recovery Manager oklist Unspecified Local Issue Details Oracle Critical Patch Update January 2007 Retired: Oracle January 2007 Advance Notification Multiple Vulnerabilities 22083 Oracle Releases Patches for Multiple Vulnerabilities TA07-017A oracle-cpu-jan2007(31541) oracle-cpu-jan2007(31541) Oracle Application Server EmChartBean directory traversal Vulnerable Configuration: Configuration 1 :cpe:/a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:10.1.2.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:10.1.2.2:*:*:*:*:*:*:* OR cpe:/a:oracle:collaboration_suite:9.0.4.2:*:*:*:*:*:*:* OR cpe:/a:oracle:collaboration_suite:10.1.2:*:*:*:*:*:*:* OR cpe:/a:oracle:http_server:9.0.1.5:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:8.1.7.4:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.0.6:r2:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.3:r1:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.0.1.5::fips:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.0:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.3:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.4:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:10.1.2.0.0:r2:*:*:*:*:*:* OR cpe:/a:oracle:application_server:10.1.2.0.1:r2:*:*:*:*:*:* OR cpe:/a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.2.0.1:r2:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:* OR cpe:/a:oracle:developer_suite:6i:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.2.0.2:r2:*:*:*:*:*:* OR cpe:/a:oracle:enterprise_manager_grid_control:10.2.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:application_server:9.0.4.3:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.22:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.47:*:*:*:*:*:*:* OR cpe:/a:oracle:peoplesoft_enterprise_peopletools:8.48:*:*:*:*:*:*:* OR cpe:/a:oracle:developer_suite:9.0.4.3:*:*:*:*:*:*:* OR cpe:/a:oracle:developer_suite:10.1.2.0.2:*:*:*:*:*:*:* OR cpe:/a:oracle:database_server:9.2.0.8:r2:*:*:*:*:*:* OR cpe:/a:oracle:database_server:10.2.0.3:r2:*:*:*:*:*:* OR cpe:/a:oracle:identity_management_10g:10.1.4.0.1:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:* OR cpe:/a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:* BACK
oracle application server 9.0.4.3
oracle application server 10.1.2.0.2
oracle application server 10.1.2.2
oracle collaboration suite 9.0.4.2
oracle collaboration suite 10.1.2
oracle http server 9.0.1.5
oracle application server 1.0.2.2
oracle database server 8.1.7.4
oracle database server 9.2.0.6 r2
oracle database server 10.1.0.3 r1
oracle application server 9.0.4.1
oracle database server 9.0.1.5
oracle database server 10.1.0.4 r1
oracle e-business suite 11.0
oracle enterprise manager grid control 10.1.0.3
oracle application server 9.0.4.2
oracle enterprise manager grid control 10.1.0.4
oracle application server 10.1.2.0.0 r2
oracle application server 10.1.2.0.1 r2
oracle application server 10.1.2.0.2 r2
oracle database server 10.2.0.1 r2
oracle database server 10.1.0.5 r1
oracle database server 9.2.0.7 r2
oracle e-business suite 11.5.10
oracle developer suite 6i
oracle database server 10.2.0.2 r2
oracle enterprise manager grid control 10.2.0.1
oracle application server 9.0.4.3
oracle peoplesoft enterprise peopletools 8.22
oracle peoplesoft enterprise peopletools 8.47
oracle peoplesoft enterprise peopletools 8.48
oracle developer suite 9.0.4.3
oracle developer suite 10.1.2.0.2
oracle database server 9.2.0.8 r2
oracle database server 10.2.0.3 r2
oracle identity management 10g 10.1.4.0.1
oracle e-business suite 11.5.7
oracle e-business suite 11.5.8
oracle e-business suite 11.5.9
Denotes that component is vulnerable