Check Point Advisories

Update Protection against Oracle Reports Arbitrary File Reading Vulnerability

Check Point Reference: CPAI-2006-037
Date Published: 27 Apr 2006
Severity: Medium
Last Updated: Monday 07 May, 2007
Source: US-CERT VU#925261
Industry Reference: CVE-2005-2378

Protection Provided by:
Who is Vulnerable? Oracle Reports Server
Vulnerability Description: Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server.
Update/Patch Available: This issue is corrected in the Oracle Critical Patch Update for January 2006.
Vulnerability Details: Oracle Reports is a component of Oracle Application Server and the Oracle Developer Suite. Oracle Reports are accessible over a network via a URI. Improper validation of the desformat URI parameter could allow a remote attacker to read arbitrary files on the Oracle Reports Server.
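
One way to review web server logs for requests that use the desformat parameter in unexpected ways, as an added example (not Check Point's or Oracle's code): it flags any desformat value that is not on an allowlist of output formats. The allowlist contents, the /reports/rwservlet request path and the sample log lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: output formats this site legitimately requests; adjust locally.
ALLOWED_DESFORMATS = {"pdf", "html", "htmlcss", "rtf", "xml", "delimited"}


def desformat_findings(request_target):
    """Return desformat values in a request target that are not allowlisted.

    Names match case-insensitively, values are percent-decoded, and repeated
    parameters are all checked, so a duplicate cannot hide behind a valid one.
    """
    query = urlsplit(request_target).query
    findings = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        if name.lower() != "desformat":
            continue
        for value in values:
            if value.strip().lower() not in ALLOWED_DESFORMATS:
                findings.append(value)
    return findings


def scan_access_log(lines):
    """Yield (line_number, client, bad_values) for common-log-format lines."""
    for number, line in enumerate(lines, start=1):
        parts = line.split('"')
        if len(parts) < 3:
            continue  # no quoted request field
        request = parts[1].split()
        if len(request) < 2:
            continue  # malformed request line
        bad = desformat_findings(request[1])
        if bad:
            yield number, line.split()[0], bad


# Constructed sample log lines (documentation addresses, assumed paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Apr/2006:10:00:00 +0000] "GET /reports/rwservlet?report=sales.rdf&desformat=pdf HTTP/1.1" 200 5120',
    '192.0.2.44 - - [27/Apr/2006:10:00:05 +0000] "GET /reports/rwservlet?report=sales.rdf&DesFormat=unexpected%2Dvalue HTTP/1.1" 200 812',
    '192.0.2.44 - - [27/Apr/2006:10:00:09 +0000] "GET /reports/rwservlet?desformat=pdf&desformat=other HTTP/1.1" 200 640',
    '192.0.2.10 - - [27/Apr/2006:10:01:00 +0000] "GET /index.html HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, client, bad in scan_access_log(SAMPLE_LOG):
        print(f"line {number}: {client} sent desformat={bad}")
```

Flagged lines are leads for review rather than proof of a file read; compare the response size and status against normal report output for the same report.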

Protection Overview
