ID CVE-2007-0222
Summary Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).
References
Vulnerable Configurations
  • cpe:2.3:a:oracle:application_server:10.1.3:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 16-10-2018 - 16:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bid
  • 22027
  • 22083
bugtraq
  • 20070115 SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal
  • 20070131 Oracle 10g R2 Enterprise Manager Directory Traversal
confirm http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
sectrack 1017522
secunia 23794
Last major update 16-10-2018 - 16:31
Published 17-01-2007 - 01:28
Last modified 16-10-2018 - 16:31