CVE-2004-0204
CVSS 7.5
Published: 2004-08-06 00:00:00
Revised: 2016-10-17 22:41:48

[Original] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimage argument to crystalimagehandler.aspx.


[CNNVD] Business Objects Crystal Reports Web Form Viewer Directory Traversal Vulnerability (CNNVD-200408-088)

        
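Crystal Reports and Crystal Enterprise are reporting and data presentation solutions from Business Objects.
The module in Crystal Reports and Crystal Enterprise that serves image files is flawed; a remote attacker can exploit this vulnerability to access arbitrary system files or carry out a denial of service attack.
1. Arbitrary file access and deletion
The web reporting engine uses the crystalimagehandler.aspx module to handle images. The module accepts a dynamicimage parameter that names a temporarily created image file; the file is served to the client and then, by default, deleted from disk. A typical request looks like this:
http://foo.bar/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=2a7173aa-a2e4-4f96-b9e1-11332c696bbd.png
However, because user-supplied data is not sufficiently filtered, an attacker who submits data containing multiple '../' sequences can bypass the web root restriction and read the contents of arbitrary files on the system with the privileges of the web process.
2. Disk exhaustion vulnerability:
The Crystal Reports web rendering module relies on the image-serving module to handle images and then clean them up from disk. If an attacker keeps requesting this module without fetching any of the associated images (for example, using a Perl script), the reporting engine consumes a large amount of space in the image folder, causing a denial of service.
Microsoft Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, and Business Solutions CRM 1.2 are also affected by this vulnerability.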
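A detection sketch for the traversal described above, as an added example (not part of the original advisory or any vendor code): it scans access-log lines for requests to crystalimagehandler.aspx whose dynamicimage value, after repeated URL-decoding, is anything other than a bare image file name. The log layout, the client addresses and the GUID-plus-extension allow-list (inferred from the sample request above) are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

HANDLER = "crystalimagehandler.aspx"
PARAM = "dynamicimage"
# Assumption: legitimate values look like the advisory's sample request,
# i.e. a GUID followed by an image extension.
SAFE_NAME = re.compile(
    r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\.(png|jpe?g|gif|bmp)$", re.I)
RANK = {"ok": 0, "unexpected": 1, "traversal": 2}


def fully_decode(value, max_rounds=5):
    """Undo repeated percent-encoding (e.g. %252e -> %2e -> '.')."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(url):
    """Return None for other pages, else 'ok', 'unexpected' or 'traversal'."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/" + HANDLER):
        return None
    worst = None
    # ASP.NET query parameter names are case-insensitive, so compare lowered.
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() != PARAM:
            continue
        name = fully_decode(value)
        if ".." in name or any(ch in name for ch in "/\\:\x00"):
            verdict = "traversal"      # path separators, drive letters, dot-dot
        elif SAFE_NAME.match(name):
            verdict = "ok"
        else:
            verdict = "unexpected"     # plain name, but not a generated image
        if worst is None or RANK[verdict] > RANK[worst]:
            worst = verdict
    return worst or "unexpected"       # handler requested without the parameter


def scan(lines):
    """Return (client_ip, verdict) for every handler request that is not 'ok'."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) != 6:
            continue
        _date, _time, ip, _method, url, _status = fields
        verdict = classify(url)
        if verdict not in (None, "ok"):
            findings.append((ip, verdict))
    return findings


# Constructed sample log (date time client-ip method url status); not real traffic.
SAMPLE_LOG = [
    r"2004-06-09 10:00:01 192.0.2.10 GET /crystalreportviewers/crystalimagehandler.aspx?dynamicimage=2a7173aa-a2e4-4f96-b9e1-11332c696bbd.png 200",
    r"2004-06-09 10:00:07 198.51.100.7 GET /crystalreportviewers/crystalimagehandler.aspx?dynamicimage=..\..\..\..\..\mydocuments\private\passwords.txt 200",
    r"2004-06-09 10:00:09 198.51.100.7 GET /crystalreportviewers/crystalimagehandler.aspx?DynamicImage=%252e%252e%255c%252e%252e%255cmydocuments%255cprivate%255cpasswords.txt 200",
    r"2004-06-09 10:00:12 192.0.2.10 GET /crystalreportviewers/report.aspx?id=7 200",
    r"2004-06-09 10:00:15 203.0.113.5 GET /crystalreportviewers/crystalimagehandler.aspx?dynamicimage=logo.png 404",
]

if __name__ == "__main__":
    for ip, verdict in scan(SAMPLE_LOG):
        print(ip, verdict)
```

Because the handler deletes the file after serving it, a "traversal" hit that returned status 200 warrants checking whether the referenced file still exists on the server.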
        

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:bea:weblogic_server:8.1::win32
cpe:/a:bea:weblogic_server:8.1::express
cpe:/a:bea:weblogic_server:8.1:sp2:win32  BEA Systems WebLogic Server 8.1 SP2 Win32
cpe:/a:microsoft:visual_studio_.net:2003:gold  Microsoft Visual Studio .NET 2003 Gold
cpe:/a:businessobjects:crystal_enterprise:9  businessobjects Crystal Enterprise 9
cpe:/a:businessobjects:crystal_enterprise_java_sdk:8.5  businessobjects Crystal Enterprise Java SDK 8.5
cpe:/a:bea:weblogic_server:8.1:sp1:win32  BEA Systems WebLogic Server 8.1 SP1 Win32
cpe:/a:businessobjects:crystal_enterprise:10  businessobjects Crystal Enterprise 10
cpe:/a:borland_software:j_builder
cpe:/a:bea:weblogic_server:8.1  BEA Systems WebLogic Server 8.1
cpe:/a:bea:weblogic_server:8.1:sp1:express  BEA Systems WebLogic Express 8.1 SP1
cpe:/a:bea:weblogic_server:8.1:sp2:express  BEA Systems WebLogic Express 8.1 SP2
cpe:/a:bea:weblogic_server:8.1:sp1  BEA Systems WebLogic Server 8.1 SP1
cpe:/a:businessobjects:crystal_enterprise_ras:8.5::unix
cpe:/a:bea:weblogic_server:8.1:sp2  BEA Systems WebLogic Server 8.1 SP2
cpe:/a:microsoft:outlook:2003::business_contact_manager
cpe:/a:microsoft:business_solutions_crm:1.2  Microsoft business_solutions_crm 1.2
cpe:/a:businessobjects:crystal_reports:9  businessobjects Crystal Reports 9.0
cpe:/a:businessobjects:crystal_reports:10  businessobjects Crystal Reports 10.0

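- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:1157  Crystal Reports Business Objects Directory Traversal
*OVAL describes in detail how to detect this vulnerability; more technical details for detecting it can be found in the related OVAL definition.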

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0204
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0204
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200408-088
(Official data source) CNNVD

- Other Links and Resources

http://marc.info/?l=bugtraq&m=108360413811017&w=2
(UNKNOWN)  BUGTRAQ  20040502 Crystal Reports Vulnerabilities
http://marc.info/?l=bugtraq&m=108671836127360&w=2
(UNKNOWN)  BUGTRAQ  20040608 Vulnerability: Arbitrary File Access & DoS in Crystal Reports
http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp
(UNKNOWN)  CONFIRM  http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp
http://www.microsoft.com/technet/security/bulletin/ms04-017.asp
(UNKNOWN)  MS  MS04-017
http://www.securityfocus.com/bid/10260
(VENDOR_ADVISORY)  BID  10260
http://xforce.iss.net/xforce/xfdb/16044
(VENDOR_ADVISORY)  XF  crystalreports-file-deletion(16044)

- Vulnerability Information

Business Objects Crystal Reports Web Form Viewer Directory Traversal Vulnerability
High risk  Input validation
2004-08-06 00:00:00 2005-10-20 00:00:00
Remote
        
        

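- Advisories and Patches

        Vendor patches:
        Business Objects
        ----------------
        The vendor has released update patches that fix this security issue; download them from the vendor's site: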
        BEA Systems WebLogic Server for Win32 8.1 SP 2:
        Business Objects Upgrade bea81_critical_update_win.zip
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_win.zip
        For Windows.
        BEA Systems Weblogic Server 8.1 SP 2:
        Business Objects Upgrade bea81_critical_update_unix.tar.gz
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
        For Solaris.
        Business Objects Upgrade bea81_critical_update_unix.tar.gz
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
        For Linux.
        BEA Systems Weblogic Server 8.1 SP 1:
        Business Objects Upgrade bea81_critical_update_unix.tar.gz
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
        For Solaris.
        Business Objects Upgrade bea81_critical_update_unix.tar.gz
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
        For Linux.
        BEA Systems WebLogic Server for Win32 8.1 SP 1:
        Business Objects Upgrade bea81_critical_update_win.zip
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_win.zip
        For Windows.
        BEA Systems WebLogic Server for Win32 8.1:
        Business Objects Upgrade bea81_critical_update_win.zip
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_win.zip
        For Windows.
        BEA Systems Weblogic Server 8.1:
        Business Objects Upgrade bea81_critical_update_unix.tar.gz
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
        For Solaris.
        Business Objects Upgrade bea81_critical_update_unix.tar.gz
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz
        For Linux.
        Borland J Builder :
        Business Objects Upgrade cr10jbuilder_critical_update_win.zip
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/cr10jbuilder_critical_update_win.zip
        For Windows.
        Business Objects Upgrade crjbuilder10critical_update_sol.tar.gz
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/crjbuilder10critical_update_sol.tar.gz
        For Solaris.
        Business Objects Upgrade crjbuilder10critical_update_lnx.tar.gz
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/crjbuilder10critical_update_lnx.tar.gz
        For Linux.
        Business Objects Crystal Enterprise Java SDK 8.5:
        Business Objects Upgrade v85_critical_update_win.zip
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v85_critical_update_win.zip
        For Windows.
        Business Objects Upgrade ce85critical_update_jcesol.tar.gz
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critical_update_jcesol.tar.gz
        For Solaris.
        Business Objects Upgrade ce85critical_update_jceaix.tar.gz
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critical_update_jceaix.tar.gz
        For AIX.
        Business Objects Crystal Enterprise RAS for UNIX 8.5:
        Business Objects Upgrade ras85critical_update_sol.tar.gz
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ras85critical_update_sol.tar.gz
        For Solaris.
        Business Objects Crystal Reports 9.0:
        Business Objects Upgrade v9_critical_update_win.zip
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v9_critical_update_win.zip
        For Windows.
        Business Objects Crystal Enterprise 9.0:
        Business Objects Upgrade v9_critical_update_win.zip
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v9_critical_update_win.zip
        For Windows.
        Business Objects Crystal Enterprise 10.0:
        Business Objects Upgrade v10_critical_update_win.zip
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v10_critical_update_win.zip
        For Windows.
        Business Objects Upgrade ce10critical_update_sol.tar.gz
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critical_update_sol.tar.gz
        For Solaris.
        Business Objects Upgrade ce10critical_update_aix.tar.gz
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critical_update_aix.tar.gz
        For AIX.
        Business Objects Crystal Reports 10.0:
        Business Objects Upgrade v10_critical_update_win.zip
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v10_critical_update_win.zip
        For Windows.
        Microsoft Visual Studio .NET 2003 :
        Microsoft Upgrade Visual Studio .NET 2003 Crystal Reports Security Update
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=659CA40E-808D-431D-A7D3-33BC3ACE922D&displaylang=en

        Microsoft Outlook 2003 with Business Contact Manager :
        Microsoft Upgrade Business Contact Manager for Outlook 2003 Security Update: KB842496
        
        http://www.microsoft.com/downloads/details.aspx?FamilyId=9016B9F3-BA86-4A95-9D89-E120EF2E85E3&displaylang=en

        Microsoft Business Solutions CRM 1.2:
        Business Objects Upgrade mscrm12_critical_update_win.zip
        ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/mscrm12_critical_update_win.zip

- Vulnerability Information (24077)

Business Objects Crystal Reports 9/10 Web Form Viewer Directory Traversal Vulnerability (EDBID:24077)
windows remote
2004-05-03 Verified
0 Imperva Application Defense Center
source: http://www.securityfocus.com/bid/10260/info

Crystal Reports and Crystal Enterprise Web Form Viewer is prone to a directory traversal vulnerability. This issue can allow an attacker to retrieve and delete files, allowing for information disclosure and denial of service attacks.

An attacker can exploit this issue by sending directory traversal sequences and requesting a file through a vulnerable parameter of one of the affected modules. 

Microsoft Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, and Business Solutions CRM 1.2 are also vulnerable to this issue as Microsoft re-distributes Crystal Reports.

http://www.example.com/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=..\..\..\..\..\mydocuments\private\passwords.txt		

- Vulnerability Information

6748
Business Objects Crystal Reports/Enterprise crystalimagehandler.aspx Arbitrary File Manipulation
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity, Loss of Availability
Exploit Public Vendor Verified

- Vulnerability Description

Crystal Reports and Crystal Enterprise contain a flaw that allows a remote attacker to access or delete files outside of the web path. The issue is due to the crystalimagehandler.aspx script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "dynamicimage" variable.

- Timeline

2004-06-08 2004-04-20
2004-06-08 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Business Objects has released a patch to address this vulnerability.

- Related References

- Vulnerability Author

- Vulnerability Information

Business Objects Crystal Reports Web Form Viewer Directory Traversal Vulnerability
Input Validation Error 10260
Yes No
2004-05-03 12:00:00 2009-07-12 04:07:00
Discovery is credited to Imperva Application Defense Center <adc@imperva.com>.

- Affected Software Versions

Microsoft Visual Studio .NET 2003
+ Microsoft Visual Basic .NET Standard 2003
+ Microsoft Visual C# .NET Standard 2003
+ Microsoft Visual C++ .NET Standard 2003
+ Microsoft Visual J# .NET Standard 2003
Microsoft Outlook 2003 with Business Contact Manager
Microsoft Business Solutions CRM 1.2
Business Objects Crystal Reports 10.0
Business Objects Crystal Reports 9.0
Business Objects Crystal Enterprise RAS for UNIX 8.5
Business Objects Crystal Enterprise Java SDK 8.5
Business Objects Crystal Enterprise 10.0
Business Objects Crystal Enterprise 9.0
Borland J Builder
BEA Systems WebLogic Server for Win32 8.1 SP 2
BEA Systems WebLogic Server for Win32 8.1 SP 1
BEA Systems WebLogic Server for Win32 8.1
BEA Systems WebLogic Server for Win32 7.0 SP 5
BEA Systems WebLogic Server for Win32 7.0 SP 4
BEA Systems WebLogic Server for Win32 7.0 SP 3
BEA Systems WebLogic Server for Win32 7.0 SP 2
BEA Systems WebLogic Server for Win32 7.0 SP 1
BEA Systems WebLogic Server for Win32 7.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems Weblogic Server 8.1 SP 2
BEA Systems Weblogic Server 8.1 SP 1
BEA Systems Weblogic Server 8.1
BEA Systems Weblogic Server 7.0 SP 5
BEA Systems Weblogic Server 7.0 SP 4
BEA Systems Weblogic Server 7.0 SP 3
BEA Systems Weblogic Server 7.0 SP 2
BEA Systems Weblogic Server 7.0 SP 1
BEA Systems Weblogic Server 7.0
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7_sparc
- Sun Solaris 2.6_sparc
BEA Systems WebLogic Express for Win32 8.1 SP 2
BEA Systems WebLogic Express for Win32 8.1 SP 1
BEA Systems WebLogic Express for Win32 8.1
BEA Systems WebLogic Express for Win32 7.0 SP 5
BEA Systems WebLogic Express for Win32 7.0 SP 4
BEA Systems WebLogic Express for Win32 7.0 SP 3
BEA Systems WebLogic Express for Win32 7.0 SP 2
BEA Systems WebLogic Express for Win32 7.0 SP 1
BEA Systems WebLogic Express for Win32 7.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Terminal Services SP2
- Microsoft Windows 2000 Terminal Services SP1
- Microsoft Windows 2000 Terminal Services
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Enterprise Server 4.0 SP3
- Microsoft Windows NT Enterprise Server 4.0 SP2
- Microsoft Windows NT Enterprise Server 4.0 SP1
- Microsoft Windows NT Enterprise Server 4.0
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP3
- Microsoft Windows NT Server 4.0 SP2
- Microsoft Windows NT Server 4.0 SP1
- Microsoft Windows NT Server 4.0
- Microsoft Windows NT Terminal Server 4.0 SP6
- Microsoft Windows NT Terminal Server 4.0 SP5
- Microsoft Windows NT Terminal Server 4.0 SP4
- Microsoft Windows NT Terminal Server 4.0 SP3
- Microsoft Windows NT Terminal Server 4.0 SP2
- Microsoft Windows NT Terminal Server 4.0 SP1
- Microsoft Windows NT Terminal Server 4.0
- Microsoft Windows NT Workstation 4.0 SP6a
- Microsoft Windows NT Workstation 4.0 SP6
- Microsoft Windows NT Workstation 4.0 SP5
- Microsoft Windows NT Workstation 4.0 SP4
- Microsoft Windows NT Workstation 4.0 SP3
- Microsoft Windows NT Workstation 4.0 SP2
- Microsoft Windows NT Workstation 4.0 SP1
- Microsoft Windows NT Workstation 4.0
BEA Systems WebLogic Express 8.1 SP 2
BEA Systems WebLogic Express 8.1 SP 1
BEA Systems WebLogic Express 8.1
BEA Systems WebLogic Express 7.0 SP 5
BEA Systems WebLogic Express 7.0 SP 4
BEA Systems WebLogic Express 7.0 SP 3
BEA Systems WebLogic Express 7.0 SP 2
BEA Systems WebLogic Express 7.0 SP 1
BEA Systems WebLogic Express 7.0
- HP HP-UX 11.0
- HP HP-UX 11i v1
- IBM AIX 4.3.3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows NT Enterprise Server 4.0 SP6a
- Microsoft Windows NT Enterprise Server 4.0 SP6
- Microsoft Windows NT Enterprise Server 4.0 SP5
- Microsoft Windows NT Enterprise Server 4.0 SP4
- Microsoft Windows NT Server 4.0 SP6a
- Microsoft Windows NT Server 4.0 SP6
- Microsoft Windows NT Server 4.0 SP5
- Microsoft Windows NT Server 4.0 SP4
- RedHat Linux 7.1 i386
- RedHat Linux 6.2 i386
- Sun Solaris 8_sparc
- Sun Solaris 2.7_sparc
- Sun Solaris 2.6_sparc
BEA Systems WebLogic Server for Win32 8.1 SP 3
BEA Systems Weblogic Server 8.1 SP 3
BEA Systems WebLogic Express for Win32 8.1 SP 3
BEA Systems WebLogic Express 8.1 SP 3

- Unaffected Software Versions

BEA Systems WebLogic Server for Win32 8.1 SP 3
BEA Systems Weblogic Server 8.1 SP 3
BEA Systems WebLogic Express for Win32 8.1 SP 3
BEA Systems WebLogic Express 8.1 SP 3

- Discussion

Crystal Reports and Crystal Enterprise Web Form Viewer is prone to a directory traversal vulnerability. This issue can allow an attacker to retrieve and delete files, allowing for information disclosure and denial of service attacks.

An attacker can exploit this issue by sending directory traversal sequences and requesting a file through a vulnerable parameter of one of the affected modules.

Microsoft Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, and Business Solutions CRM 1.2 are also vulnerable to this issue as Microsoft re-distributes Crystal Reports.

- Exploit

No exploit is required.

The following proof of concept is available:
http://www.example.com/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=..\..\..\..\..\mydocuments\private\passwords.txt

- Solution

BEA Systems has released advisory BEA04-63.00 to address this issue. Users of the WebLogic platform are advised to apply the appropriate Business Objects updates for this vulnerability. Fixes have also been included in WebLogic 8.1 SP 3.

Business Objects has released a security bulletin to address this issue.

Microsoft Security Bulletin MS04-017 is available to address this issue.


Microsoft Visual Studio .NET 2003

Borland J Builder

Microsoft Outlook 2003 with Business Contact Manager

Business Objects Crystal Reports 10.0

Business Objects Crystal Enterprise 10.0

BEA Systems Weblogic Server 8.1 SP 1

BEA Systems Weblogic Server 8.1 SP 2

BEA Systems WebLogic Server for Win32 8.1 SP 2

BEA Systems WebLogic Server for Win32 8.1

BEA Systems Weblogic Server 8.1

BEA Systems WebLogic Server for Win32 8.1 SP 1

Business Objects Crystal Enterprise Java SDK 8.5

Business Objects Crystal Enterprise 9.0

- Related References

 

 
