PT-2005-3292 · Oracle · Oracle Reports
Alexander Kornbrust
·
Published
2005-07-26
·
Updated
2018-10-19
·
CVE-2005-2378
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Oracle Reports (affected versions not specified)
Description
A directory traversal issue in Oracle Reports allows remote attackers to read arbitrary files. This can be achieved by providing an absolute or relative path to the
CUSTOMIZE or desformat parameters in the rwservlet.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oracle Reports