Juniper Networks

Signature Detail


  • Short Name: HTTP:DIR:CRYSTAL-REPORTS
  • Severity: High
  • Recommended: No
  • Recommended Action: Drop
  • Category: HTTP
  • Keywords: Crystal Reports Directory Traversal
  • Release Date: 2004/06/09
  • Update Number: 1213
  • Supported Platforms: di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: Crystal Reports Directory Traversal


This signature detects attempts to exploit a known vulnerability in Microsoft Crystal Reports. Users of Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, or Microsoft Business Solutions Customer Relationship Management (CRM) 1.2 are affected. Attackers can send a malformed URL to the server to read or write to any file on the server.

Extended Description

Crystal Reports and Crystal Enterprise Web Form Viewer is prone to a directory traversal vulnerability. This issue can allow an attacker to retrieve and delete files, leading to information disclosure and denial-of-service attacks. An attacker can exploit this issue by sending directory traversal sequences and requesting a file through a vulnerable parameter of one of the affected modules. Microsoft Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, and Business Solutions CRM 1.2 are also vulnerable to this issue because Microsoft redistributes Crystal Reports.

Affected Products

  • BEA Systems WebLogic Express 7.0.0
  • BEA Systems WebLogic Express 7.0.0 SP 1
  • BEA Systems WebLogic Express 7.0.0 SP 2
  • BEA Systems WebLogic Express 7.0.0 SP 3
  • BEA Systems WebLogic Express 7.0.0 SP 4
  • BEA Systems WebLogic Express 7.0.0 SP 5
  • BEA Systems WebLogic Express 8.1.0
  • BEA Systems WebLogic Express 8.1.0 SP 1
  • BEA Systems WebLogic Express 8.1.0 SP 2
  • BEA Systems WebLogic Express for Win32 7.0.0
  • BEA Systems WebLogic Express for Win32 7.0.0 SP 1
  • BEA Systems WebLogic Express for Win32 7.0.0 SP 2
  • BEA Systems WebLogic Express for Win32 7.0.0 SP 3
  • BEA Systems WebLogic Express for Win32 7.0.0 SP 4
  • BEA Systems WebLogic Express for Win32 7.0.0 SP 5
  • BEA Systems WebLogic Express for Win32 8.1.0
  • BEA Systems WebLogic Express for Win32 8.1.0 SP 1
  • BEA Systems WebLogic Express for Win32 8.1.0 SP 2
  • BEA Systems WebLogic Server 7.0.0
  • BEA Systems WebLogic Server 7.0.0 SP 1
  • BEA Systems WebLogic Server 7.0.0 SP 2
  • BEA Systems WebLogic Server 7.0.0 SP 3
  • BEA Systems WebLogic Server 7.0.0 SP 4
  • BEA Systems WebLogic Server 7.0.0 SP 5
  • BEA Systems WebLogic Server 8.1
  • BEA Systems WebLogic Server 8.1.0
  • BEA Systems WebLogic Server 8.1.0 SP 1
  • BEA Systems WebLogic Server 8.1.0 SP 2
  • BEA Systems WebLogic Server for Win32 7.0.0
  • BEA Systems WebLogic Server for Win32 7.0.0 SP 1
  • BEA Systems WebLogic Server for Win32 7.0.0 SP 2
  • BEA Systems WebLogic Server for Win32 7.0.0 SP 3
  • BEA Systems WebLogic Server for Win32 7.0.0 SP 4
  • BEA Systems WebLogic Server for Win32 7.0.0 SP 5
  • BEA Systems WebLogic Server for Win32 8.1.0
  • BEA Systems WebLogic Server for Win32 8.1.0 SP 1
  • BEA Systems WebLogic Server for Win32 8.1.0 SP 2
  • Borland JBuilder
  • Business Objects Crystal Enterprise 10.0.0
  • Business Objects Crystal Enterprise 9.0.0
  • Business Objects Crystal Enterprise Java SDK 8.5.0
  • Business Objects Crystal Enterprise RAS for UNIX 8.5.0
  • Business Objects Crystal Reports 10.0.0
  • Business Objects Crystal Reports 9.0.0
  • Microsoft Business Solutions CRM 1.2
  • Microsoft Outlook 2003 with Business Contact Manager
  • Microsoft Visual Studio .NET 2003

References

  • BugTraq: 10260
  • CVE: CVE-2004-0204
  • URL: http://www.microsoft.com/technet/security/bulletin/MS04-017.mspx
  • URL: http://securitytracker.com/alerts/2004/Jun/1010429.html

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.