Vulnerability Name:

CVE-2007-0222 (CCN-31572)

Assigned:2007-01-16
Published:2007-01-16
Updated:2018-10-16
Summary:Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter.
Note: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).
CVSS v3 Severity:7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availability (A): None
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availability (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N)
6.8 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availability (A): None
Vulnerability Type:CWE-Other
Vulnerability Consequences:Obtain Information
References:Source: CCN
Type: BugTraq Mailing List, Tue Jan 30 2007 - 20:00:12 CST
Oracle 10g R2 Enterprise Manager Directory Traversal

Source: MITRE
Type: CNA
CVE-2007-0222

Source: CCN
Type: SA23794
Oracle Products Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
23794

Source: CCN
Type: SECTRACK ID: 1017522
Oracle Database and Other Products Have 52 Unspecified Vulnerabilities With Unspecified Impact

Source: SECTRACK
Type: UNKNOWN
1017522

Source: CCN
Type: Oracle Critical Patch Update - January 2007
Oracle Critical Patch Update Advisory - January 2007

Source: CONFIRM
Type: UNKNOWN
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html

Source: CCN
Type: OSVDB ID: 32875
Oracle Enterprise Manager Agent HTTP Unspecified Issue (EM01)

Source: CCN
Type: OSVDB ID: 32876
Oracle Enterprise Manager Agent HTTP Unspecified Issue (EM02)

Source: CCN
Type: OSVDB ID: 32877
Oracle Enterprise Manager Agent HTTP Unspecified Information Disclosure

Source: CCN
Type: OSVDB ID: 32878
Oracle Enterprise Manager Console HTTP Unspecified Issue

Source: CCN
Type: OSVDB ID: 32879
Oracle Enterprise Manager /em/dynamicImage/emSDK/chart/EmChartBean beanId Parameter Traversal Arbitrary File Access

Source: CCN
Type: Red-Database-Security Web site
Details Oracle Critical Patch Update January 2007

Source: BUGTRAQ
Type: UNKNOWN
20070115 SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal

Source: BUGTRAQ
Type: UNKNOWN
20070131 Oracle 10g R2 Enterprise Manager Directory Traversal

Source: BID
Type: Patch
22027

Source: CCN
Type: BID-22027
Oracle Application Server 10G EmChartBeam Remote Directory Traversal Vulnerability

Source: BID
Type: UNKNOWN
22083

Source: CCN
Type: BID-22083
Oracle January 2007 Security Update Multiple Vulnerabilities

Source: CCN
Type: SYMSA-2007-001
Oracle Application Server 10g - Directory Traversal

Source: CCN
Type: US-CERT Technical Cyber Security Alert TA07-017A
Oracle Releases Patches for Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
oracle-emchartbean-directory-traversal(31572)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:oracle:application_server:10.1.3:*:*:*:*:*:*:* (oracle application server 10.1.3)

  • * Denotes that component is vulnerable