Oracle Reports Directory Traversal Vulnerability

Oracle Reports Directory Traversal Vulnerability

CVE-2005-2378 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.

Learn more about our Web Application Penetration Testing UK.