Oracle Application Server Reports desname Arbitrary File Overwriting

  Severity: MEDIUM
  CVE Identifier: CVE-2005-2371
  Advisory Date: JUL 21, 2015

  DESCRIPTION

Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.

  TREND MICRO PROTECTION INFORMATION

Apply associated Trend Micro DPI Rules.

  SOLUTION

  Trend Micro Deep Security DPI Rule Number: 1000147
  Trend Micro Deep Security DPI Rule Name: 1000147 - Oracle Application Server Reports desname Arbitrary File Overwriting

  AFFECTED SOFTWARE AND VERSION

  • Oracle Oracle Reports 10g
  • Oracle Oracle Reports 6.0
  • Oracle Oracle Reports 6i
  • Oracle Oracle Reports 9i

Featured Stories