Oracle.Reports.Server.Arbitrary.File.Disclosure

description-logoDescription

It indicates a possible exploit of a Arbitrary File Disclosure vulnerability in Oracle Reports Server. Oracle Reports Server suffers from a programming error that can allow attackers access to arbitrary files. The server does not restrict users from accessing sensitive files when handling specially crafted HTTP GET requests.

affected-products-logoAffected Products

Oracle Reports6i 6.0.8 .19, Reports6i 6.0.8, Reports 9i, Reports 6, Reports 10g 9.0.4 .3.3
Reports 10g 9.0.4, Reports 10g 9.0.3, Reports 10g 9.0.2, Reports 10g 9.0.1, and Reports 10g 9.0

Impact logoImpact

Disclosure or Modification of sensitive data

recomended-action-logoRecommended Actions

Apply appropriate patch from the vendor or Upgrade to non-vulnerable version if available.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)