CVE-2005-2378

Опубликовано: 26 июл. 2005

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.

Ссылки

http://marc.info/?l=bugtraq&m=112181054226520&w=2
http://marc.info/?l=bugtraq&m=112181242916757&w=2
http://secunia.com/advisories/18493
Vendor Advisory
http://secunia.com/advisories/18608
Vendor Advisory
http://securitytracker.com/id?1014525
http://securitytracker.com/id?1014527
http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html
Exploit
Vendor Advisory
http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html
Exploit
Vendor Advisory
http://www.securityfocus.com/archive/1/422256/30/7430/threaded
http://www.vupen.com/english/advisories/2006/0323
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24321
http://marc.info/?l=bugtraq&m=112181054226520&w=2
http://marc.info/?l=bugtraq&m=112181242916757&w=2
http://secunia.com/advisories/18493
Vendor Advisory
http://secunia.com/advisories/18608
Vendor Advisory
http://securitytracker.com/id?1014525
http://securitytracker.com/id?1014527
http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html
Exploit
Vendor Advisory
http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html
Exploit
Vendor Advisory
http://www.securityfocus.com/archive/1/422256/30/7430/threaded

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:oracle:reports:*:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03517

Низкий

5 Medium

CVSS2

Дефекты

CWE-22

Связанные уязвимости

GHSA-3828-jgm6-f988

github

почти 4 года назад