Internet Directory

internet_directory

Vendor: Oracle • 8 CVEs

CVEs (8)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-0227 2Apache Oracle 37Agile Engineering Data Management Agile Product Lifecycle ManagementApplication Testing Suite+34 more May 8, 2025 May 1, 2019 N/A· v4 7.5 HIGH· v3 5.4 MEDIUM· v2 A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legac...Show more A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits commits continue in the projects Axis 1.x Subversion repository, legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2, the latest version is 1.7.9 and is not vulnerable to this issue.Show less
CVE-2018-8032 3Apache DebianOracle 38Agile Engineering Data Management Agile Product Lifecycle ManagementApplication Testing Suite+35 more May 8, 2025 Aug 2, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
CVE-2018-2601 1Oracle 1Internet Directory Nov 21, 2024 Jan 18, 2018 N/A· v4 8.0 HIGH· v3 6.0 MEDIUM· v2 Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.3.0. Diff...Show more Vulnerability in the Oracle Internet Directory component of Oracle Fusion Middleware (subcomponent: Oracle Directory Services Manager). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0 and 12.2.1.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Internet Directory. While the vulnerability is in Oracle Internet Directory, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Internet Directory. CVSS 3.0 Base Score 8.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).Show less
CVE-2001-0974 1Oracle 1Internet Directory Apr 16, 2026 Jul 17, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
CVE-2001-1321 1Oracle 1Internet Directory Apr 16, 2026 Jul 16, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated b...Show more Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS LDAPv3 test suite.Show less
CVE-2001-0975 1Oracle 1Internet Directory Apr 16, 2026 Jul 16, 2001 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
CVE-2001-0300 1Oracle 1Internet Directory Apr 16, 2026 Jun 2, 2001 N/A· v4 N/A· v3 2.1 LOW· v2 oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.
CVE-2000-0987 1Oracle 2Internet Directory Oracle8i Apr 16, 2026 Dec 19, 2000 N/A· v4 N/A· v3 4.6 MEDIUM· v2 Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter.