Trend Micro ServerProtect Crystal Report rptserver.asp Traversal Arbitrary File Access

2005-12-14T04:03:17
ID OSVDB:21770
Type osvdb
Reporter OSVDB
Modified 2005-12-14T04:03:17

Description

Vulnerability Description

ServerProtect contains a flaw that allows a remote attacker to display the contents of files outside of the web path via the Crystal Reports ActiveX object. The issue is due to the rptserver.asp script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'IMAGE' variable.
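As an added example, not part of the OSVDB record or of Trend Micro's code: the unchecked file-name resolution the description implies, beside the hardened form a server-side script should apply to a parameter such as IMAGE, plus a helper that flags traversal attempts in request URLs for log review. The web root, the `reports` subdirectory and the request strings are assumptions.

```python
"""Hardened handling of a file-name request parameter like rptserver.asp's IMAGE.
Added illustration: the web root, the 'reports' directory and the sample
request strings below are constructed, not taken from the product."""
import os
from urllib.parse import urlsplit, parse_qs, unquote

WEB_ROOT = os.path.abspath("/tmp/serverprotect_demo/webroot")  # assumed layout
IMAGE_DIR = os.path.join(WEB_ROOT, "reports")                  # only files here may be served


def vulnerable_resolve(image: str) -> str:
    """Pre-fix behaviour: the parameter is glued onto the directory unchecked,
    so a value such as '../../x' walks out of IMAGE_DIR."""
    return os.path.normpath(os.path.join(IMAGE_DIR, image))


def safe_resolve(image: str) -> str:
    """Decode, reject absolute or drive-qualified names, resolve, then require
    the result to stay inside IMAGE_DIR. Raises ValueError on any escape."""
    # IIS accepts both separators; a second unquote catches double-encoded
    # sequences such as %252e that a single decode would leave as '%2e'.
    name = unquote(unquote(image)).replace("\\", "/")
    if not name or name.startswith("/") or ":" in name or "\0" in name:
        raise ValueError("rejected IMAGE value")
    base = os.path.realpath(IMAGE_DIR)
    candidate = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([candidate, base]) != base:
        raise ValueError("path escapes image directory")
    return candidate


def request_is_traversal(url: str) -> bool:
    """Detection helper for access logs: True when a request's IMAGE parameter
    would be refused by safe_resolve (parse_qs already URL-decodes once)."""
    for value in parse_qs(urlsplit(url).query).get("IMAGE", []):
        try:
            safe_resolve(value)
        except ValueError:
            return True
    return False
```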

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

ServerProtect contains a flaw that allows a remote attacker to display the contents of files outside of the web path via the Crystal Reports ActiveX object. The issue is due to the rptserver.asp script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'IMAGE' variable.

References:

Vendor Specific Advisory URL
Security Tracker: 1015358
Secunia Advisory ID: 18038
Related OSVDB ID: 21771
Related OSVDB ID: 21772
Related OSVDB ID: 21773
Other Advisory URL: http://www.idefense.com/application/poi/display?id=352&type=vulnerabilities
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0568.html
FrSIRT Advisory: ADV-2005-2907
CVE-2005-1930