CVE-2004-0204 - Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10,

CVE-2004-0204

Summary

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

References

Vulnerable Configurations

cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*
cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*
cpe:2.3:a:borland_software:j_builder:*:*:*:*:*:*:*:*
cpe:2.3:a:borland_software:j_builder:*:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:crystal_enterprise:9:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:crystal_enterprise:9:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:crystal_enterprise:10:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:crystal_enterprise:10:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:crystal_enterprise_java_sdk:8.5:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:crystal_enterprise_java_sdk:8.5:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:crystal_enterprise_ras:8.5:*:unix:*:*:*:*:*
cpe:2.3:a:businessobjects:crystal_enterprise_ras:8.5:*:unix:*:*:*:*:*
cpe:2.3:a:businessobjects:crystal_reports:9:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:crystal_reports:9:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:crystal_reports:10:*:*:*:*:*:*:*
cpe:2.3:a:businessobjects:crystal_reports:10:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:business_solutions_crm:1.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:business_solutions_crm:1.2:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2003:*:business_contact_manager:*:*:*:*:*
cpe:2.3:a:microsoft:outlook:2003:*:business_contact_manager:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*
cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 12-10-2018 - 21:34)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

oval via4

accepted

2016-02-19T10:00:00.000-04:00

class

vulnerability

contributors

name Andrew Buttner
organization The MITRE Corporation
name Jonathan Baker
organization The MITRE Corporation

description

family

windows

oval:org.mitre.oval:def:1157

status

accepted

submitted

2004-06-09T12:00:00.000-04:00

title

Crystal Reports Business Objects Directory Traversal

version

refmap via4

bid	10260
bugtraq	20040502 Crystal Reports Vulnerabilities 20040608 Vulnerability: Arbitrary File Access & DoS in Crystal Reports
confirm	http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp
osvdb	6748
secunia	11800
xf	crystalreports-file-deletion(16044)

Last major update

12-10-2018 - 21:34

Published

06-08-2004 - 04:00

Last modified

12-10-2018 - 21:34