Directory traversal vulnerability in Oracle Reports allows remote malicious users to read arbitrary files via an absolute or relative path to the (1) CUSTOMIZE or (2) desformat parameters to rwservlet. NOTE: vector 2 is probably the same as CVE-2006-0289, and fixed in Jan 2006 CPU.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
oracle reports |