CVE-2004-1981 — Crystal Enterprise vulnerability

5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.7%

top 29.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Businessobjects Crystal Enterprise Businessobjects Crystal Reports

Timeline

PublishedMay 2

Latest updateApr 29

Description

The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDbusinessobjects/crystal_reports10, 9+1

▶NVDbusinessobjects/crystal_enterprise10, 9+1

🔴Vulnerability Details

GHSA

GHSA-hcq6-q47h-5jff: The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without↗2022-04-29

▶

CVEList

CVE-2004-1981: The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without↗2005-05-10

▶

💥Exploits & PoCs

Exploit-DB

Mercury/32 Mail Server 4.01 - 'Pegasus' IMAP Buffer Overflow (1)↗2004-11-30

▶