Oracle Reports Server 6.0.8/9.0.2 Information Disclosure Vulnerability

2002-07-18T00:00:00
ID EDB-ID:21627
Type exploitdb
Reporter skp
Modified 2002-07-18T00:00:00

Description

Oracle Reports Server 6.0.8/9.0.2 Information Disclosure Vulnerability. CVE-2002-1089. Remote exploits for multiple platform

                                        
                                            source: http://www.securityfocus.com/bid/5262/info

A problem with Reports Server could make it possible to gain sensitive information from the server.

Under some circumstances, Reports Server may yield sensitive information to unauthenticated remote users. This information may include the system path, software installed on the vulnerable system, and other information that may be used as points of entry.

http://some.site.com/cgi-bin/rwcgi60
http://some.site.com/cgi-bin/rwcgi60/showenv