CVE-2005-2378
Severity CVSS v4.0:
Pending analysis
Type:
CWE-22
Path Traversal
Publication date:
26/07/2005
Last modified:
03/04/2025
Description
Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:oracle:reports:*:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=112181054226520&w=2
- http://marc.info/?l=bugtraq&m=112181242916757&w=2
- http://secunia.com/advisories/18493
- http://secunia.com/advisories/18608
- http://securitytracker.com/id?1014525=
- http://securitytracker.com/id?1014527=
- http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html
- http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html
- http://www.securityfocus.com/archive/1/422256/30/7430/threaded
- http://www.vupen.com/english/advisories/2006/0323
- https://exchange.xforce.ibmcloud.com/vulnerabilities/24321



