CVE-2006-0275: Path Traversal in Oracle Application Server

4 documents, 4 sources
Severity
5.0 MEDIUM (NVD)
EPSS
2.6%
top 14.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 18
Latest update: May 1

Description

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that allows reading of portions of arbitrary XML files via the customize parameter.

CVSS vector

AV:N/AC:L/C:P/I:N/A:N

Exploitability: 10.0 | Impact: 2.9

Affected Packages: 1 package

🔴 Vulnerability Details

2
GHSA
GHSA-xp84-rcpw-9xq3: Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9 (2022-05-01)
CVEList
CVE-2006-0275: Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9 (2006-01-18)

💥 Exploits & PoCs

1
Exploit-DB
Oracle HTTP Server - Cross-Site Scripting Header Injection (2011-06-13)