|
|
CVE Reference: CVE-2007-0222 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2007-0222 |
|
|
Description: Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293). |
|
|
CVE Status: Candidate |
|
|
References: ST 1017522 SAID Secunia Advisory: SA23794 CONFIRM http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2007.html BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/458657/100/0/threaded http://www.securityfocus.com/archive/1/archive/1/457105/100/0/threaded BID 22027 22083 |
|
| Return to the previous page. |
