Lucene search

[email protected]CVE-2006-0275

HistoryJan 18, 2006 - 11:03 a.m.

CVE-2006-0275

2006-01-1811:03:00

[email protected]

web.nvd.nist.gov

cve-2006-0275

oracle

application server

vulnerability

oracle reports developer

directory traversal

xml files

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.1 High

AI Score

Confidence

High

0.073 Low

EPSS

Percentile

94.1%

JSON

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that allows reading of portions of arbitrary XML files via the customize parameter.

Affected configurations

NVD

Node

oracleapplication_serverMatch9.0.4.2

CPENameOperatorVersion
oracle:application_serveroracle application servereq9.0.4.2

CPE	Name	Operator	Version
oracle:application_server	oracle application server	eq	9.0.4.2

References

secunia.com/advisories/18493

secunia.com/advisories/18608

securitytracker.com/id?1015499

www.kb.cert.org/vuls/id/545804

www.oracle.com/technetwork/topics/security/cpujan2006-082403.html

www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html

www.securityfocus.com/archive/1/422261/30/7430/threaded

www.securityfocus.com/bid/16287

www.vupen.com/english/advisories/2006/0243

www.vupen.com/english/advisories/2006/0323

exchange.xforce.ibmcloud.com/vulnerabilities/24321

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

9.1 High

AI Score

Confidence

High

0.073 Low

EPSS

Percentile

94.1%

JSON

Related for CVE-2006-0275

cvelist1 nvd1 prion1 nessus1