Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0701

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2005-0701
Last Modified 05 Sep 2008 04:47:03
Published 07 Mar 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-0701

Summary

Directory traversal vulnerability in Oracle Database Server 8i and 9i allows remote attackers to read or rename arbitrary files via "\\.\\.." (modified dot dot backslash) sequences to UTL_FILE functions such as (1) UTL_FILE.FOPEN or (2) UTL_FILE.frename.

Vulnerable Systems

Application

  • Oracle Database Server


References

MISC - http://www.argeniss.com/research/ARGENISS-ADV-030501.txt

BUGTRAQ - 20050307 - Argeniss - Oracle Database Server Directory transversal


Last Updated: 27 May 2016 10:39:54