Short Name | HTTP:DIR:CRYSTAL-REPORTS
Severity | Major
Recommended | No
Recommended Action | Drop
Category | HTTP
Keywords | Crystal Reports Directory Traversal
Release Date | 2004/06/09
Update Number | 1213
Supported Platforms | di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
HTTP: Crystal Reports Directory Traversal
This signature detects attempts to exploit a known vulnerability in Microsoft Crystal Reports. Users of Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, or Microsoft Business Solutions Customer Relationship Management (CRM) 1.2 are affected. Attackers can send a malformed URL to the server to read or write to any file on the server.
Extended Description
Crystal Reports and Crystal Enterprise Web Form Viewer is prone to a directory traversal vulnerability. This issue can allow an attacker to retrieve and delete files, allowing for information disclosure and denial of service attacks.
An attacker can exploit this issue by sending directory traversal sequences and requesting a file through a vulnerable parameter of one of the affected modules.
Microsoft Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, and Business Solutions CRM 1.2 are also vulnerable to this issue as Microsoft re-distributes Crystal Reports.
Affected Products
- Bea_systems weblogic_express 7.0.0
- Bea_systems weblogic_express 7.0.0 SP 1
- Bea_systems weblogic_express 7.0.0 SP 2
- Bea_systems weblogic_express 7.0.0 SP 3
- Bea_systems weblogic_express 7.0.0 SP 4
- Bea_systems weblogic_express 7.0.0 SP 5
- Bea_systems weblogic_express 8.1.0
- Bea_systems weblogic_express 8.1.0 SP 1
- Bea_systems weblogic_express 8.1.0 SP 2
- Bea_systems weblogic_express_for_win32 7.0.0
- Bea_systems weblogic_express_for_win32 7.0.0 SP 1
- Bea_systems weblogic_express_for_win32 7.0.0 SP 2
- Bea_systems weblogic_express_for_win32 7.0.0 SP 3
- Bea_systems weblogic_express_for_win32 7.0.0 SP 4
- Bea_systems weblogic_express_for_win32 7.0.0 SP 5
- Bea_systems weblogic_express_for_win32 8.1.0
- Bea_systems weblogic_express_for_win32 8.1.0 SP 1
- Bea_systems weblogic_express_for_win32 8.1.0 SP 2
- Bea_systems weblogic_server 7.0.0
- Bea_systems weblogic_server 7.0.0 SP 1
- Bea_systems weblogic_server 7.0.0 SP 2
- Bea_systems weblogic_server 7.0.0 SP 3
- Bea_systems weblogic_server 7.0.0 SP 4
- Bea_systems weblogic_server 7.0.0 SP 5
- Bea_systems weblogic_server 8.1
- Bea_systems weblogic_server 8.1.0
- Bea_systems weblogic_server 8.1.0 SP 1
- Bea_systems weblogic_server 8.1.0 SP 2
- Bea_systems weblogic_server_for_win32 7.0.0
- Bea_systems weblogic_server_for_win32 7.0.0 SP 1
- Bea_systems weblogic_server_for_win32 7.0.0 SP 2
- Bea_systems weblogic_server_for_win32 7.0.0 SP 3
- Bea_systems weblogic_server_for_win32 7.0.0 SP 4
- Bea_systems weblogic_server_for_win32 7.0.0 SP 5
- Bea_systems weblogic_server_for_win32 8.1.0
- Bea_systems weblogic_server_for_win32 8.1.0 SP 1
- Bea_systems weblogic_server_for_win32 8.1.0 SP 2
- Borland j_builder
- Business_objects crystal_enterprise 10.0.0
- Business_objects crystal_enterprise 9.0.0
- Business_objects crystal_enterprise_java_sdk 8.5.0
- Business_objects crystal_enterprise_ras_for_unix 8.5.0
- Business_objects crystal_reports 10.0.0
- Business_objects crystal_reports 9.0.0
- Microsoft business_solutions_crm 1.2
- Microsoft outlook_2003_with_business_contact_manager
- Microsoft visual_studio_.net_2003