CVE-2006-0275 - Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0

CVE-2006-0275

Summary

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that allows reading of portions of arbitrary XML files via the customize parameter.

References

Vulnerable Configurations

cpe:2.3:a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 19-10-2018 - 15:43)
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	16287
bugtraq	20060117 Oracle Reports - Read parts of files via customize(fixed after 875 days)
cert-vn	VU#545804
confirm	http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html
misc	http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html
sectrack	1015499
secunia	18493 18608
vupen	ADV-2006-0243 ADV-2006-0323
xf	oracle-january2006-update(24321)

saint via4

bid	16287
description	Oracle XML Component DBMS_XMLSCHEMA.GENERATESCHEMA buffer overflow
id	database_oracle_version
osvdb	22567
title	oracle_xml_generateschema
type	remote

Last major update

19-10-2018 - 15:43

Published

18-01-2006 - 11:03

Last modified

19-10-2018 - 15:43