5

CVE-2007-0222

Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter.  NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined.  Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OracleApplication Server Version10.1.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 10.61% 0.952
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://secunia.com/advisories/23794
Patch
Vendor Advisory
http://securitytracker.com/id?1017522
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.securityfocus.com/bid/22083
http://www.securityfocus.com/archive/1/457105/100/0/threaded
http://www.securityfocus.com/archive/1/458657/100/0/threaded
http://www.securityfocus.com/bid/22027
Patch