CVE-2005-0701

Опубликовано: 07 мар. 2005

Источник: nvd

CVSS2: 5

EPSS Средний

Описание

Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\.\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename.

Ссылки

http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032273.html
Exploit
Patch
Vendor Advisory
http://marc.info/?l=bugtraq&m=111023635928211&w=2
http://www.argeniss.com/research/ARGENISS-ADV-030501.txt
Exploit
Patch
Vendor Advisory
http://lists.grok.org.uk/pipermail/full-disclosure/2005-March/032273.html
Exploit
Patch
Vendor Advisory
http://marc.info/?l=bugtraq&m=111023635928211&w=2
http://www.argeniss.com/research/ARGENISS-ADV-030501.txt
Exploit
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oracle:database_server:*:*:*:*:*:*:*:*

EPSS

Процентиль: 96%

0.2878

Средний

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-rmg9-6gq2-f582

github

почти 4 года назад

Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename.