{"vuid":"VU#925261","idnumber":"925261","name":"Oracle Reports arbitrary file reading vulnerability","keywords":["Oracle Reports","information disclosure","desformat parameter","REP05","oracle_cpu_january_2006"],"overview":"Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server.","clean_desc":"Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. It is a component of Oracle Application Server and the Oracle Developer Suite. Oracle Reports are accessible over a network via a URI. Improper validation on the desformat URI parameter may allow a remote attacker to read arbitrary files on the Oracle Reports Server. Based on research into public information, we believe that this issue is Oracle vuln# REP05 in the Oracle CPU for January 2006. However, there is not sufficient information to authoritatively relate Oracle vulnerability information to information provided by other parties.","impact":"A remote attacker may be able to read files on the server by sending a specially crafted URI to Oracle Reports.","resolution":"Apply patches \nThis issue is corrected in the Oracle Critical Patch Update for January 2006.","workarounds":"Restrict Access to Reports Server Allowing only trusted users access to Oracle Reports may reduce the chances of exploitation.","sysaffected":"","thanks":"This document is based on information provided by Alexander Kornbrust.","author":"This document was written by Jeff Gennari.","public":["http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html","http://secunia.com/advisories/16092/","http://securitytracker.com/id?1014525","http://securitytracker.com/id?1014527"],"cveids":["CVE-2005-2378"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2005-07-19T19:53:33Z","publicdate":"2005-07-19T00:00:00Z","datefirstpublished":"2006-01-19T18:09:00Z","dateupdated":"2006-01-20T16:40:48Z","revision":17,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"3","cam_population":"15","cam_impact":"8","cam_easeofexploitation":"7","cam_attackeraccessrequired":"15","cam_scorecurrent":"4.2525","cam_scorecurrentwidelyknown":"5.43375","cam_scorecurrentwidelyknownexploited":"10.15875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":4.2525,"vulnote":null}