CVE Description | CVSSv2 Base Score | Component | Product and Resolution |
CVE-2007-5333 Information Exposure vulnerability |
5.0 |
Apache Tomcat |
|
CVE-2007-5342 Permissions, Privileges, and Access Controls vulnerability |
6.4 |
CVE-2007-6286 Request handling vulnerability |
4.3 |
CVE-2008-0002 Information disclosure vulnerability |
5.8 |
CVE-2008-1232 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability |
4.3 |
CVE-2008-1947 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability |
4.3 |
CVE-2008-2370 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability |
5.0 |
CVE-2008-2938 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability |
4.3 |
CVE-2008-5515 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability |
5.0 |
CVE-2009-0033 Improper Input Validation vulnerability |
5.0 |
CVE-2009-0580 Information Exposure vulnerability |
4.3 |
CVE-2009-0781 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability |
4.3 |
CVE-2009-0783 Information Exposure vulnerability |
4.6 |
CVE-2009-2693 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability |
5.8 |
CVE-2009-2901 Permissions, Privileges, and Access Controls vulnerability |
4.3 |
CVE-2009-2902 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability |
4.3 |
CVE-2009-3548 Credentials Management vulnerability |
7.5 |
CVE-2010-1157 Information Exposure vulnerability |
2.6 |
CVE-2010-2227 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability |
6.4 |
CVE-2010-3718 Directory traversal vulnerability |
1.2 |
CVE-2010-4172 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability |
4.3 |
CVE-2010-4312 Configuration vulnerability |
6.4 |
CVE-2011-0013 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability |
4.3 |
CVE-2011-0534 Resource Management Errors vulnerability |
5.0 |
CVE-2011-1184 Permissions, Privileges, and Access Controls vulnerability |
5.0 |
CVE-2011-2204 Information Exposure vulnerability |
1.9 |
CVE-2011-2526 Improper Input Validation vulnerability |
4.4 |
CVE-2011-3190 Permissions, Privileges, and Access Controls vulnerability |
7.5 |
CVE-2011-4858 Resource Management Errors vulnerability |
5.0 |
CVE-2011-5062 Permissions, Privileges, and Access Controls vulnerability |
5.0 |
CVE-2011-5063 Improper Authentication vulnerability |
4.3 |
CVE-2011-5064 Cryptographic Issues vulnerability |
4.3 |
CVE-2012-0022 Numeric Errors vulnerability |
5.0 |
This notification describes vulnerabilities fixed in third-party components that are included in Oracle's product distributions.
Information about vulnerabilities affecting Oracle products can be found on Oracle Critical Patch Updates and Security Alerts page.