Multiple vulnerabilities in Oracle Java Web Console
Posted
by RitwikGhoshal
on Oracle Blogs
See other posts from Oracle Blogs
or by RitwikGhoshal
Published on Wed, 19 Sep 2012 02:13:47 +0000
Indexed on
2012/09/19
3:45 UTC
Read the original article
Hit count: 381
Filed under:
/Alerts
| CVE Description | CVSSv2 Base Score | Component | Product and Resolution | ||
|---|---|---|---|---|---|
| CVE-2007-5333 Information Exposure vulnerability | 5.0 | Apache Tomcat |
|
||
| CVE-2007-5342 Permissions, Privileges, and Access Controls vulnerability | 6.4 | ||||
| CVE-2007-6286 Request handling vulnerability | 4.3 | ||||
| CVE-2008-0002 Information disclosure vulnerability | 5.8 | ||||
| CVE-2008-1232 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | ||||
| CVE-2008-1947 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | ||||
| CVE-2008-2370 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.0 | ||||
| CVE-2008-2938 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 4.3 | ||||
| CVE-2008-5515 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.0 | ||||
| CVE-2009-0033 Improper Input Validation vulnerability | 5.0 | ||||
| CVE-2009-0580 Information Exposure vulnerability | 4.3 | ||||
| CVE-2009-0781 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | ||||
| CVE-2009-0783 Information Exposure vulnerability | 4.6 | ||||
| CVE-2009-2693 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 5.8 | ||||
| CVE-2009-2901 Permissions, Privileges, and Access Controls vulnerability | 4.3 | ||||
| CVE-2009-2902 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability | 4.3 | ||||
| CVE-2009-3548 Credentials Management vulnerability | 7.5 | ||||
| CVE-2010-1157 Information Exposure vulnerability | 2.6 | ||||
| CVE-2010-2227 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability | 6.4 | ||||
| CVE-2010-3718 Directory traversal vulnerability | 1.2 | ||||
| CVE-2010-4172 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | ||||
| CVE-2010-4312 Configuration vulnerability | 6.4 | ||||
| CVE-2011-0013 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability | 4.3 | ||||
| CVE-2011-0534 Resource Management Errors vulnerability | 5.0 | ||||
| CVE-2011-1184 Permissions, Privileges, and Access Controls vulnerability | 5.0 | ||||
| CVE-2011-2204 Information Exposure vulnerability | 1.9 | ||||
| CVE-2011-2526 Improper Input Validation vulnerability | 4.4 | ||||
| CVE-2011-3190 Permissions, Privileges, and Access Controls vulnerability | 7.5 | ||||
| CVE-2011-4858 Resource Management Errors vulnerability | 5.0 | ||||
| CVE-2011-5062 Permissions, Privileges, and Access Controls vulnerability | 5.0 | ||||
| CVE-2011-5063 Improper Authentication vulnerability | 4.3 | ||||
| CVE-2011-5064 Cryptographic Issues vulnerability | 4.3 | ||||
| CVE-2012-0022 Numeric Errors vulnerability | 5.0 |
This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.
© Oracle Blogs or respective owner
