Juniper Networks

Signature Detail


Short Name: HTTP:STC:ACTIVEX:SAP-CRSTL-RPT
Severity: High
Recommended: No
Recommended Action: Drop
Category: HTTP
Keywords: SAP Crystal Reports Server ActiveX
Release Date: 2011/03/11
Update Number: 1881
Supported Platforms: idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: SAP Crystal Reports Server ActiveX Insecure Method Vulnerability


This signature detects attempts to exploit multiple known insecure-method vulnerabilities in the SAP Crystal Reports Server ActiveX control. A remote attacker can exploit these by enticing a target user to open a malicious Web page. A successful attack allows the attacker to execute arbitrary code in the security context of the logged-in user. An unsuccessful attack can cause the affected browser to terminate abnormally.

Extended Description

The SAP Crystal Reports Server ActiveX control is prone to multiple insecure-method vulnerabilities. Successful exploits will compromise affected computers or cause denial-of-service conditions; other attacks are possible. SAP Crystal Reports Server 2008 is vulnerable.

Affected Products

  • SAP Crystal Reports Server 2008

References

  • BugTraq: 45977
  • URL: https://service.sap.com/sap/support/notes/1458309
  • URL: http://dsecrg.com/pages/vul/show.php?id=302
  • URL: http://www.sap.com/solutions/sapbusinessobjects/sme/reporting/crystalreportsserver/index.epx
  • URL: http://osdir.com/ml/bugtraq.security/2011-01/msg00144.html
