Lucene search

[email protected]CVE-2004-1981

HistoryMay 02, 2004 - 4:00 a.m.

CVE-2004-1981

2004-05-0204:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

crystal reports

denial of service

disk exhaustion

web interface

nvd

cve-2004-1981

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON

The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.

CPENameOperatorVersion
businessobjects:crystal_reportsbusinessobjects crystal reportseq9
businessobjects:crystal_enterprisebusinessobjects crystal enterpriseeq9
businessobjects:crystal_enterprisebusinessobjects crystal enterpriseeq10
businessobjects:crystal_reportsbusinessobjects crystal reportseq10

CPE	Name	Operator	Version
businessobjects:crystal_reports	businessobjects crystal reports	eq	9
businessobjects:crystal_enterprise	businessobjects crystal enterprise	eq	9
businessobjects:crystal_enterprise	businessobjects crystal enterprise	eq	10
businessobjects:crystal_reports	businessobjects crystal reports	eq	10

References

marc.info/?l=bugtraq&m=108360413811017&w=2

marc.info/?l=bugtraq&m=108671836127360&w=2

exchange.xforce.ibmcloud.com/vulnerabilities/16046

7.5 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.011 Low

EPSS

Percentile

84.4%

JSON