CVE - CVE-2005-2378

CVE-ID
CVE-2005-2378	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20050719 Oracle Security Advisory: Read parts of any XML-file via customize parameter in Oracle Reports URL:http://marc.info/?l=bugtraq&m=112181242916757&w=2 BUGTRAQ:20050719 Oracle Security Advisory: Read parts of any file via desformat in Oracle Reports URL:http://marc.info/?l=bugtraq&m=112181054226520&w=2 BUGTRAQ:20060117 Oracle Reports - Read parts of files via desname (fixed after 874 days) URL:http://www.securityfocus.com/archive/1/422256/30/7430/threaded MISC:http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html MISC:http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html SECTRACK:1014525 URL:http://securitytracker.com/id?1014525 SECTRACK:1014527 URL:http://securitytracker.com/id?1014527 SECUNIA:18493 URL:http://secunia.com/advisories/18493 SECUNIA:18608 URL:http://secunia.com/advisories/18608 VUPEN:ADV-2006-0323 URL:~~http://www.vupen.com/english/advisories/2006/0323~~ (Obsolete source) XF:oracle-january2006-update(24321) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/24321
Assigning CNA
MITRE Corporation
Date Record Created
20050726	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20050726)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)