|
Crystal Reports and Crystal Enterprise Directory Traversal Vulnerability
|
|
Secunia Advisory:
|
SA11800
|
|
|
Release Date:
|
2004-06-08
|
|
Last Update:
|
2004-06-09
|
|
Popularity:
|
16,617 views
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
DoS
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Crystal Enterprise 10
Crystal Enterprise 9
Crystal Enterprise Java SDK
Crystal Reports 10
Crystal Reports 9
Crystal Reports for BEA WebLogic Workshop
Crystal Reports for Borland JBuilder
Crystal Reports for C#Builder
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Imperva Application Defense Center has discovered a vulnerability in Crystal Reports Web Viewers, allowing malicious people to disclose the content of arbitrary files or delete these.
The vulnerability is caused due to an input validation error in a module ("crystalimagehandler.aspx", "crystalimagehandler.asp", or "crystalimagehandler.jsp") when processing input passed to the "dynamicimage" parameter. This can be exploited via a specially crafted HTTP request containing a classic directory traversal character sequence.
Example:
http://[victim]/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=..\..\[file]
Successful exploitation allows retrieving or deleting arbitrary files on a vulnerable system via the Crystal Reports and the Crystal Enterprise Web viewers.
It is also possible to consume large amounts of disk space and decrease performance by calling the report generation module repeatedly without retrieving related images.
The vulnerability affects the following products:
* Crystal Enterprise 8.5 Java SDK
* Crystal Enterprise RAS 8.5 for UNIX
* Crystal Reports 9
* Crystal Enterprise 9
* Crystal Reports 10
* Crystal Enterprise 10
* Crystal Reports for Borland JBuilder
* Crystal Reports for BEA WebLogic Workshop 8.1
* Crystal Reports for Borland C# Builder
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
