CVE-2023-0100
Published 2023-03-15
Priority: P3 · 48 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.73% (49.8th percentile)
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed a report to be retrieved from the same host using an absolute HTTP path for the report parameter (e.g. `__report=http://xyz.com/report.rptdesign`). If the host indicated in the `__report` parameter matched the HTTP Host header value, the report would be retrieved. However, the Host header can be tampered with on some configurations where no virtual hosts are put in place (e.g. in the default configuration of Apache Tomcat) or when the default host points to the BIRT server. This vulnerability was patched in Eclipse BIRT 4.13.
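Detection logic for the condition described above, added here as an example and not taken from the BIRT project or any of the advisories: it flags requests whose `__report` value is an absolute HTTP(S) URL, and escalates when that URL's host equals a Host header the deployment is not expected to be served under. `EXPECTED_HOSTS`, the `/birt/frameset` path and the sample records are constructed assumptions, as is a log source that records the Host header.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the hostnames this BIRT deployment is legitimately served under.
EXPECTED_HOSTS = {"reports.example.internal"}

def host_only(value):
    """Lower-cased hostname of a Host header value, without any port."""
    try:
        return urlsplit("//" + value.strip()).hostname or ""
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return ""

def classify(host_header, request_target, expected_hosts=EXPECTED_HOSTS):
    """Return None, 'absolute-report' or 'host-match-unexpected'."""
    try:
        query = parse_qs(urlsplit(request_target).query)
    except ValueError:
        return None
    for report in query.get("__report", []):
        try:
            url = urlsplit(report.strip())
        except ValueError:
            continue
        if url.scheme.lower() not in ("http", "https") or not url.hostname:
            continue  # relative or local report path, not the advisory's pattern
        sent = host_only(host_header)
        # Advisory condition: the __report host equals the Host header value.
        # A Host outside the expected set means the header itself is suspect.
        if url.hostname == sent and sent not in expected_hosts:
            return "host-match-unexpected"
        return "absolute-report"
    return None

# Constructed sample records: (Host header, request target).
SAMPLE = [
    ("reports.example.internal", "/birt/frameset?__report=sales.rptdesign"),
    ("reports.example.internal", "/birt/frameset?__report=http%3A%2F%2Freports.example.internal%2Fr.rptdesign"),
    ("xyz.com", "/birt/frameset?__report=http://xyz.com/report.rptdesign"),
]

def scan(records):
    """Return (host, target, verdict) for every record that gets a verdict."""
    checked = ((h, t, classify(h, t)) for h, t in records)
    return [row for row in checked if row[2]]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(*hit, sep="\t")
```

On a deployment upgraded to 4.13 the same check still shows who is sending absolute `__report` URLs, which is useful when reviewing logs from before the upgrade.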
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| eclipse | business_intelligence_and_reporting_tools | >= 2.6.2 < 4.13.0 | 4.13.0 |
| the_eclipse_foundation | eclipse_birt | >= 2.6.2 < unspecified | unspecified |
| the_eclipse_foundation | eclipse_birt | >= unspecified < 4.13 | 4.13 |
CVSS provenance
nvd · v3.1 · 8.8 · HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_redhat · 8.8 · HIGH
GHSA
Improper Input Validation In Eclipse BIRT
ghsa·2023-03-15
CVE-2023-0100 [HIGH] CWE-20 Improper Input Validation In Eclipse BIRT
OSV
Improper Input Validation In Eclipse BIRT
osv·2023-03-15
CVE-2023-0100 [HIGH] Improper Input Validation In Eclipse BIRT
Red Hat
eclipse-birt: RCE on the default configuration of BIRT Viewer
vendor_redhat·2023-03-15·CVSS 8.8
CVE-2023-0100 [HIGH] CWE-20 eclipse-birt: RCE on the default configuration of BIRT Viewer
A flaw was found in Eclipse BIRT, where the default configuration allowed retrieval of a report from the same host using an absolute
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2023-03-15