CVE-2005-2378

Sažetak

Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.

Reference

http://marc.info/?l=bugtraq&m=112181054226520&w=2
http://marc.info/?l=bugtraq&m=112181242916757&w=2
http://secunia.com/advisories/18493
http://secunia.com/advisories/18608
http://securitytracker.com/id?1014525
http://securitytracker.com/id?1014527
http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html
http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html
http://www.securityfocus.com/archive/1/422256/30/7430/threaded
http://www.vupen.com/english/advisories/2006/0323
https://exchange.xforce.ibmcloud.com/vulnerabilities/24321

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

19-10-2018 - 15:32

Objavljeno

26-07-2005 - 04:00