NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2006-0275

Summary	Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that allows reading of portions of arbitrary XML files via the customize parameter.
Publication Date	Jan. 18, 2006, 8:03 p.m.
Registration Date	Jan. 29, 2021, 3:30 p.m.
Last Update	Oct. 20, 2018, 12:43 a.m.

CVSS2.0 : MEDIUM
Score	5.0
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	なし
可用性への影響(A)	なし
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:oracle:application_server:9.0.4.2:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://secunia.com/advisories/18493	SECUNIA	Vendor Advisory
2	http://secunia.com/advisories/18608	SECUNIA	Vendor Advisory
3	http://securitytracker.com/id?1015499	SECTRACK
4	http://www.kb.cert.org/vuls/id/545804	CERT-VN	Third Party Advisory US Government Resource
5	http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html	CONFIRM
6	http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html	MISC
7	http://www.securityfocus.com/archive/1/422261/30/7430/threaded	BUGTRAQ
8	http://www.securityfocus.com/bid/16287	BID
9	http://www.vupen.com/english/advisories/2006/0243	VUPEN	Vendor Advisory
10	http://www.vupen.com/english/advisories/2006/0323	VUPEN	Vendor Advisory
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/24321	XF

Common Vulnerabilities List