← back
CVE-2005-2378

CVE-2005-2378

EPSS 9.1%
Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=112181054226520&w=2http://marc.info/?l=bugtraq&m=112181242916757&w=2http://secunia.com/advisories/18493http://secunia.com/advisories/18608http://securitytracker.com/id?1014525http://securitytracker.com/id?1014527https://exchange.xforce.ibmcloud.com/vulnerabilities/24321http://www.red-database-security.com/advisory/oracle_reports_read_any_file.htmlhttp://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.htmlhttp://www.securityfocus.com/archive/1/422256/30/7430/threadedhttp://www.vupen.com/english/advisories/2006/0323