CVE-2005-2371: Path Traversal in Oracle Reports

CWE-22: Path Traversal | 3 documents | 3 sources
Severity
5.0 MEDIUM (NVD)
EPSS
3.6%
top 12.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 26
Latest update: May 1

Description

Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter. NOTE: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.

CVSS vector

AV:N/AC:L/C:N/I:P/A:N
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD | oracle/reports | 4 versions +3

Vulnerability Details (2)
GHSA
GHSA-762j-f7hq-mp7h: Directory traversal vulnerability in Oracle Reports 6 (2022-05-01)
CVEList
CVE-2005-2371: Directory traversal vulnerability in Oracle Reports 6 (2005-07-26)