CVE-2023-0100
published 2023-03-15


Priority: P3 48 high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.73% (49.8th percentile)
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed a report to be retrieved from the same host by passing an absolute HTTP URL in the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host named in the __report parameter matched the value of the request's HTTP Host header, the report was fetched from that URL. The Host header is client-controlled, however, and is not validated on configurations where no virtual hosts are in place (e.g. the default configuration of Apache Tomcat) or where the default host points to the BIRT server, so an attacker can send a Host header equal to a host they control and make the same-host check pass for a report design hosted on their own server. The vulnerability was patched in Eclipse BIRT 4.13.
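The check described above, modelled in Python as an added example (this is not Eclipse BIRT's code and not the 4.13 patch): host_matches_header reproduces the flawed comparison of the __report URL host against the client-supplied Host header, and resolve_report shows a hardened alternative that validates the URL host against an operator-configured allowlist instead. The hostnames, the server_names allowlist and the request values are constructed for the example.

```python
"""Model of the __report host check in CVE-2023-0100 (added example).

Not BIRT's own code: both functions are illustrations of the behaviour the
advisory describes and of one way to fix it. All hostnames are constructed.
"""
from typing import FrozenSet, Optional
from urllib.parse import urlparse


def host_matches_header(report_param: str, host_header: str) -> bool:
    """Vulnerable check as the advisory describes it.

    An absolute URL in __report is accepted when its host equals the HTTP
    Host header of the request. Both values come from the client, so an
    attacker simply sets Host to their own hostname; without virtual hosts
    (e.g. default Tomcat) the container never rejects the forged header.
    """
    parsed = urlparse(report_param)
    if parsed.scheme not in ("http", "https"):
        return False  # only absolute HTTP(S) paths take this code path
    # netloc keeps an explicit port, as a Host header would (host:port)
    return parsed.netloc.lower() == host_header.strip().lower()


def resolve_report(report_param: str, server_names: FrozenSet[str]) -> Optional[str]:
    """Hardened check (assumed design, not the actual BIRT fix).

    Absolute URLs are honoured only when their host is one the operator
    configured for this deployment; the request's Host header plays no part.
    Relative paths stay confined to the report repository. Returns the
    accepted location or None when the request must be refused.
    """
    parsed = urlparse(report_param)
    if not parsed.scheme:
        # relative report path: refuse absolute paths and traversal
        if report_param.startswith("/") or ".." in report_param.split("/"):
            return None
        return report_param
    if parsed.scheme not in ("http", "https"):
        return None
    if parsed.hostname is None or parsed.hostname not in server_names:
        return None
    return report_param


def main() -> None:
    # Constructed request: attacker points __report at their own server and
    # forges the Host header to match it.
    attacker_url = "http://attacker.example/evil.rptdesign"
    forged_host = "attacker.example"
    print("vulnerable check accepts forged Host:",
          host_matches_header(attacker_url, forged_host))
    allow = frozenset({"birt.internal"})
    print("hardened check result:", resolve_report(attacker_url, allow))
    print("legitimate same-host URL:",
          resolve_report("http://birt.internal/sales.rptdesign", allow))


if __name__ == "__main__":
    main()
```

The hardened variant still fetches over HTTP from the allowlisted host, so it only removes the Host-header trust; a deployment that never needs absolute __report URLs is better served by rejecting any scheme outright and accepting repository-relative paths only.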

Affected (3 ranges)

Vendor                  Product                                     Version range              Fixed in
eclipse                 business_intelligence_and_reporting_tools   >= 2.6.2 < 4.13.0          4.13.0
the_eclipse_foundation  eclipse_birt                                >= 2.6.2 < unspecified     unspecified
the_eclipse_foundation  eclipse_birt                                >= unspecified < 4.13      4.13

CVSS provenance

nvd            v3.1  8.8  HIGH  CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat        8.8  HIGH