NVD

Id
68070  
Name
CVE-2005-2378  
Description
Directory traversal vulnerability in Oracle Reports allows remote attackers to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2017-07-18  
Published
2005-07-26  
Modified Date
2017-07-10  
Seq
2005-2378  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
351965 68070 CVE-2005-2378 20050719 Oracle Security Advisory: Read parts of any file via desformat in Oracle Reports  View
351966 68070 CVE-2005-2378 20050719 Oracle Security Advisory: Read parts of any XML-file via customize parameter in Oracle Reports  View
351967 68070 CVE-2005-2378 1014525  View
351968 68070 CVE-2005-2378 1014527  View
351969 68070 CVE-2005-2378 http://www.red-database-security.com/advisory/oracle_reports_read_any_file.html  View
351970 68070 CVE-2005-2378 http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html  View
351971 68070 CVE-2005-2378 20060117 Oracle Reports - Read parts of files via desname (fixed after 874 days)  View
351972 68070 CVE-2005-2378 ADV-2006-0323  View
351973 68070 CVE-2005-2378 oracle-january2006-update(24321)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
57829 JVNDB-2006-000025 Oracle Reports における不正なパスによるディレクトリトラバーサルの脆弱性 ------------ CVE-2005-2378 13582 CVE-2005-2378 68070 5 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000025.html 2006-01-17 2007-04-01 View