CVE-2006-0275

Vulnerability Description

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that allows reading of portions of arbitrary XML files via the customize parameter.

CVSS Score

Affected Products

References

• http://secunia.com/advisories/18493Vendor Advisory
• http://secunia.com/advisories/18608Vendor Advisory
• http://securitytracker.com/id?1015499
• http://www.kb.cert.org/vuls/id/545804Third Party AdvisoryUS Government Resource
• http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html
• http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.h
• http://www.securityfocus.com/archive/1/422261/30/7430/threaded
• http://www.securityfocus.com/bid/16287
• http://www.vupen.com/english/advisories/2006/0243Vendor Advisory
• http://www.vupen.com/english/advisories/2006/0323Vendor Advisory
• https://exchange.xforce.ibmcloud.com/vulnerabilities/24321
• http://secunia.com/advisories/18493Vendor Advisory
• http://secunia.com/advisories/18608Vendor Advisory
• http://securitytracker.com/id?1015499
• http://www.kb.cert.org/vuls/id/545804Third Party AdvisoryUS Government Resource