Published: 2005-07-26 00:00:00
Revised: 2017-07-10 21:32:48

[Original text] Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.

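[CNNVD] Oracle Reports Server information disclosure vulnerability (CNNVD-200507-250)

        Oracle is a large commercial database system, and Oracle Reports is Oracle's enterprise reporting tool.
        An information disclosure vulnerability exists in Oracle Reports Server. A remote attacker can use an absolute or relative path to read arbitrary files, resulting in information disclosure.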

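- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: NETWORK [the attacker does not need internal network access or local access]
Authentication: NONE [exploitation requires no authentication]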

- CWE (weakness category)

CWE-22 [Improper limitation of a pathname (path traversal)]

- CPE (affected platforms and products)


- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources
(UNKNOWN)  BUGTRAQ  20050719 Oracle Security Advisory: Read parts of any file via desformat in Oracle Reports
(UNKNOWN)  BUGTRAQ  20050719 Oracle Security Advisory: Read parts of any XML-file via customize parameter in Oracle Reports
(UNKNOWN)  BUGTRAQ  20060117 Oracle Reports - Read parts of files via desname (fixed after 874 days)
(UNKNOWN)  XF  oracle-january2006-update(24321)

- Vulnerability information

Oracle Reports Server information disclosure vulnerability
Medium risk  Path traversal
2005-07-26 00:00:00 2007-03-30 00:00:00

- Advisories and patches


- Vulnerability information

Oracle Reports rwservlet Multiple Variable Arbitrary File Segment Access
Remote / Network Access Input Manipulation
Loss of Confidentiality
Exploit Public

- Vulnerability description

Oracle Reports contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when a remote attacker creates a special request to the rwservlet script. By modifying the 'desformat' or 'CUSTOMIZE' variables, an attacker can specify an arbitrary file on the system, even outside the web root. The servlet will display portions of the file resulting in a loss of confidentiality.

- Timeline

2005-07-19 2003-08-23
2005-07-19 Unknown

- Solution

Currently, there are no known upgrades to correct this issue. However, Alexander Kornbrust has released an unofficial patch to address this vulnerability.

- Related references

- Vulnerability author