Lucene search

PRIOn knowledge basePRION:CVE-2007-0222

HistoryJan 17, 2007 - 1:28 a.m.

Directory traversal

2007-01-1701:28:00

PRIOn knowledge base

www.prio-n.com

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.6%

JSON

Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably “..” sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).

CPENameOperatorVersion
application_servereq10.1.3

CPE	Name	Operator	Version
	application_server	eq	10.1.3

References

secunia.com/advisories/23794

securitytracker.com/id?1017522

www.oracle.com/technetwork/topics/security/cpujan2007-101493.html

www.securityfocus.com/archive/1/457105/100/0/threaded

www.securityfocus.com/archive/1/458657/100/0/threaded

www.securityfocus.com/bid/22027

www.securityfocus.com/bid/22083

6.4 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.6%

JSON

Related for PRION:CVE-2007-0222