Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Oracle Reports Arbitrary File Reading Vulnerability

 

Check Point Reference: CPAI-2006-037
Date Published:
Severity:
Last Updated:
Source: US-CERT VU#925261
Industry Reference(s):

CVE-2005-2378

Protection Provided by: VPN-1
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
  • NG with Application Intelligence R54
VSX
  • NGX
InterSpect
  • NGX
  • 2.0 and 1.x
Does a connection to which this protection applies to continue after cluster fail-over: Yes
Is the protection still enforced after cluster fail-over: Yes
Who is Vulnerable?
Oracle Reports Server
Vulnerability Description
Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server.