Check Point Advisories

Update Protection against Oracle Reports Server Multiple Vulnerabilities

Check Point Reference: CPAI-2006-030
Date Published: 26 Mar 2006
Severity: High
Last Updated: Monday 07 May, 2007
Source: Oracle Critical Patch Update - January 2006
Industry Reference:

US-CERT VU#472148

Protection Provided by:
Who is Vulnerable?
Vulnerability Description Oracle Reports is a reporting tool that generates data from multiple sources and converts the information into a formatted report. Several vulnerabilities were reported in Oracle Reports server which can be exploited to overwrite arbitrary files, conduct cross-site scripting attacks, gain local user privileges and compromise an affected system.
Vulnerability Statusthe vulnerabilities were published
Update/Patch AvaliableSee Oracle Critical Patch Update from January 2006 at http://www.oracle.com/technology/deploy/security/pdf/cpujan2006.html.
Vulnerability DetailsA remote attacker may be able to overwrite files on the server by sending a specially crafted URL to Oracle Reports. Depending on which file was created or overwritten, this could allow the attacker to gain escalated privileges, conduct cross site scripting attacks or a cause a denial-of-service condition on the system.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK