Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.0
CVE Id CVE-2006-0275
Last Modified 22 Oct 2012 09:56:07
Published 18 Jan 2006 06:03:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-0275

Summary

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that allows reading of portions of arbitrary XML files via the customize parameter.

Vulnerable Systems

Application

  • Oracle Application Server 9.0.4.2


References

CERT-VN - VU#545804

CONFIRM - http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html

XF - oracle-january2006-update(24321)

VUPEN - ADV-2006-0323

VUPEN - ADV-2006-0243

BID - 16287

BUGTRAQ - 20060117 Oracle Reports - Read parts of files via customize(fixed after 875 days)

MISC - http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html

SECTRACK - 1015499

SECUNIA - 18608

SECUNIA - 18493

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html


Last Updated: 27 May 2016 10:42:32