CVE-2005-2378 Information

Description

Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289 and fixed in Jan 2006 CPU.

Reference

http://marc.info/?l=bugtraq&m=112181054226520&w=2
http://marc.info/?l=bugtraq&m=112181242916757&w=2
http://secunia.com/advisories/18493
http://secunia.com/advisories/18608
http://securitytracker.com/id?1014525
http://securitytracker.com/id?1014527
http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html
http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html
http://www.securityfocus.com/archive/1/422256/30/7430/threaded
http://www.vupen.com/english/advisories/2006/0323
https://exchange.xforce.ibmcloud.com/vulnerabilities/24321
