Vulnerability Name:

CVE-2005-2371 (CCN-24171)

Assigned:2005-01-17
Published:2005-01-17
Updated:2018-10-19
Summary:Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows remote attackers to overwrite arbitrary files via (1) "..", (2) Windows drive letter (C:), and (3) absolute path sequences in the desname parameter.
Note: this issue was probably fixed by REP06 in CPU Jan 2006, in which case it overlaps CVE-2006-0289.
CVSS v3 Severity:3.5 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): Required
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): Single_Instance
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-22
Vulnerability Consequences:Informational
References:Source: CCN
Type: Full-Disclosure Mailing List, Tue Jan 17 2006 - 14:47:40 CST
Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)

Source: MITRE
Type: CNA
CVE-2005-2371

Source: BUGTRAQ
Type: UNKNOWN
20050719 Oracle Security Advisory: Overwrite any file via desname in Oracle Reports

Source: CCN
Type: SA18493
Oracle Products Multiple Vulnerabilities and Security Issues

Source: SECUNIA
Type: Vendor Advisory
18493

Source: CCN
Type: SA18608
HP Oracle for Openview Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
18608

Source: CCN
Type: SECTRACK ID: 1014524
Oracle Reports Server `desname` Parameter Lets Remote Authenticated Users Overwrite Files

Source: SECTRACK
Type: UNKNOWN
1014524

Source: CCN
Type: Oracle Web site
Oracle Critical Patch Update Advisory - January 2006

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html

Source: MISC
Type: Vendor Advisory
http://www.red-database-security.com/advisory/oracle_reports_overwrite_any_file.html

Source: BUGTRAQ
Type: UNKNOWN
20060117 Oracle Reports - Overwrite any application server file via desname (fixed after 889 days)

Source: BID
Type: UNKNOWN
14309

Source: CCN
Type: BID-14309
Oracle Reports Server DESName Remote File Overwrite Vulnerability

Source: VUPEN
Type: Vendor Advisory
ADV-2006-0323

Source: XF
Type: UNKNOWN
oracle-reports-desname-file-overwrite(24171)

Source: XF
Type: UNKNOWN
oracle-january2006-update(24321)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:reports:6.0:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:reports:6i:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:reports:9i:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:reports:10g:*:*:*:*:*:*:*

  • Configuration CCN 1:
  • cpe:/a:oracle:application_server:1.0.2.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.6:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:8.0.6.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.3:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:collaboration_suite:9.0.4.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.0.1.5:*:fips:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.4:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:9.0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:9.0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:enterprise_manager_grid_control:10.1.0.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.0:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.1:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:application_server:10.1.2.0.2:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.2.0.1:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.5:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:9.2.0.7:r2:*:*:*:*:*:*
  • OR cpe:/a:oracle:collaboration_suite:10.1.1:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:collaboration_suite:10.1.2:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.10:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_portal:8.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_portal:8.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:peoplesoft_enterprise_portal:8.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:database_server:10.1.0.4.2:r1:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:9.0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:6i:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:9.0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:developer_suite:10.1.2.0.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.2:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.4:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.5:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.6:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.7:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.8:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:e-business_suite:11.5.9:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:workflow:11.5.1:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:workflow:11.5.9.5:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    BACK
    oracle reports 6.0
    oracle reports 6i
    oracle reports 9i
    oracle reports 10g
    oracle application server 1.0.2.2
    oracle database server 9.2.0.6 r2
    oracle database server 8.0.6.3
    oracle database server 10.1.0.3 r1
    oracle application server 9.0.4.1
    oracle collaboration suite 9.0.4.2 r2
    oracle database server 9.0.1.5
    oracle database server 10.1.0.4 r1
    oracle enterprise manager grid control 10.1.0.3
    oracle developer suite 9.0.4.1
    oracle application server 9.0.4.2
    oracle enterprise manager grid control 10.1.0.4
    oracle application server 10.1.2.0.0 r2
    oracle application server 10.1.2.0.1 r2
    oracle application server 10.1.2.0.2 r2
    oracle database server 10.2.0.1 r2
    oracle database server 10.1.0.5 r1
    oracle database server 9.2.0.7 r2
    oracle collaboration suite 10.1.1 r1
    oracle collaboration suite 10.1.2 r1
    oracle e-business suite 11.5.10
    oracle peoplesoft enterprise portal 8.4
    oracle peoplesoft enterprise portal 8.8
    oracle peoplesoft enterprise portal 8.9
    oracle database server 10.1.0.4.2 r1
    oracle developer suite 9.0.2.1
    oracle developer suite 6i
    oracle developer suite 9.0.4.2
    oracle developer suite 10.1.2.0.2
    oracle e-business suite 11.5.1
    oracle e-business suite 11.5.2
    oracle e-business suite 11.5.3
    oracle e-business suite 11.5.4
    oracle e-business suite 11.5.5
    oracle e-business suite 11.5.6
    oracle e-business suite 11.5.7
    oracle e-business suite 11.5.8
    oracle e-business suite 11.5.9
    oracle workflow 11.5.1
    oracle workflow 11.5.9.5