Published: 15/03/2023 Updated: 22/03/2023

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 0

In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=xyz.com/report.rptdesign). If the host indicated in the __report parameter matched the HTTP Host header value, the report would be retrieved. However, the Host header can be tampered with on some configurations where no virtual hosts are put in place (e.g. in the default configuration of Apache Tomcat) or when the default host points to the BIRT server. This vulnerability was patched on Eclipse BIRT 4.13.

Vulnerable Product	Search on Vulmon	Subscribe to Product
eclipse business intelligence and reporting tools

DescriptionThe MITRE CVE dictionary describes this issue as: In Eclipse BIRT, starting from version 262, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (eg __report=xyzcom/reportrptdesign) If the host indicated in the __report parameter matched the HTTP Ho ...

NVD-CWE-noinfo https://bugs.eclipse.org/bugs/show_bug.cgi?id=580391 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2023-0100

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2023-0100

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect