Update Protection against Oracle Reports Arbitrary File Reading Vulnerability
| Check Point Reference: | CPAI-2006-037 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | US-CERT VU#925261 | |
| Industry Reference(s): |
CVE-2005-2378 |
|
| Protection Provided by: |
VPN-1
|
|
| Does a connection to which this protection applies to continue after cluster fail-over: | Yes | |
| Is the protection still enforced after cluster fail-over: | Yes | |
| Who is Vulnerable? Oracle Reports Server | ||
| Vulnerability Description Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server. |
||