The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.
Business Objects Crystal Reports/Enterprise Disk Space Exhaustion DoS
Remote / Network Access
Denial of Service
Loss of Availability
Crystal Reports and Crystal Enterprise contain a flaw that may allow a remote denial of service. The issue is triggered when a remote user repeatedly accesses the crystalimagehandler.aspx script and requests image creation. This results in loss of availability for the server by exhausting disk space and slowing connections.
Currently, there are no known workarounds or upgrades to correct this issue. However, Business Objects has released a patch to address this vulnerability.