CVE-2006-0275
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.073 Low
EPSS
Percentile
94.1%
Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that allows reading of portions of arbitrary XML files via the customize parameter.
Affected configurations
References
secunia.com/advisories/18493
secunia.com/advisories/18608
securitytracker.com/id?1015499
www.kb.cert.org/vuls/id/545804
www.oracle.com/technetwork/topics/security/cpujan2006-082403.html
www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html
www.securityfocus.com/archive/1/422261/30/7430/threaded
www.securityfocus.com/bid/16287
www.vupen.com/english/advisories/2006/0243
www.vupen.com/english/advisories/2006/0323
exchange.xforce.ibmcloud.com/vulnerabilities/24321
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.3 Medium
AI Score
Confidence
Low
0.073 Low
EPSS
Percentile
94.1%