Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to overwrite arbitrary files on the Reports Server.
Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. It is a component of Oracle Application Server and the Oracle Developer Suite. Oracle Reports are accessible over a network via a URI. Improper validation on the desname
URI parameter may allow a remote attacker to overwrite or create arbitrary files on the server where the Oracle Reports service is installed.
Based on research into public information, we believe that this issue is Oracle vuln# REP06 in the Oracle CPU for January 2006. However, there is not sufficient information to authoritatively relate Oracle vulnerability information to information provided by other parties.
By sending a specially crafted URI to Oracle Reports, a remote attacker may be able to overwrite files on the server with the privileges of the Oracle Reports process. Depending on which file was created or overwritten, this could allow the attacker to gain elevated privileges or a cause a denial-of-service condition on the system.
Apply patches
This issue is corrected in the Oracle Critical Patch Update for January 2006.
Restrict Access to Reports Server
Allowing only trusted users access to Oracle Reports may reduce the chances of exploitation.
472148
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: January 19, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html> and <http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html>
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23472148 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This document is based on information provided by Alexander Kornbrust.
This document was written by Jeff Gennari.
CVE IDs: | CVE-2005-2371 |
---|---|
Severity Metric: | 12.78 Date Public: |