All the vulnerabilites related to businessobjects - crystal_enterprise
cve-2006-4099
Vulnerability from cvelistv5
Published
2006-11-29 17:00
Modified
2024-08-07 18:57
Severity ?
EPSS score ?
Summary
Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/21350 | vdb-entry, x_refsource_BID | |
| http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf | x_refsource_CONFIRM | |
| http://secunia.com/advisories/23137 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf | x_refsource_MISC | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/30568 | vdb-entry, x_refsource_XF | |
| http://www.vupen.com/english/advisories/2006/4748 | vdb-entry, x_refsource_VUPEN | |
| http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:45.459Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21350",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21350"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"name": "23137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23137"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"name": "crystalreports-wcsid-session-hijacking(30568)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
},
{
"name": "ADV-2006-4748",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4748"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-11-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21350",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21350"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"name": "23137",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23137"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"name": "crystalreports-wcsid-session-hijacking(30568)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
},
{
"name": "ADV-2006-4748",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4748"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4099",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21350",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21350"
},
{
"name": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf",
"refsource": "CONFIRM",
"url": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"name": "23137",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23137"
},
{
"name": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf",
"refsource": "MISC",
"url": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"name": "crystalreports-wcsid-session-hijacking(30568)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
},
{
"name": "ADV-2006-4748",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4748"
},
{
"name": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf",
"refsource": "MISC",
"url": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4099",
"datePublished": "2006-11-29T17:00:00",
"dateReserved": "2006-08-14T00:00:00",
"dateUpdated": "2024-08-07T18:57:45.459Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0204
Vulnerability from cvelistv5
Published
2004-06-11 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=108360413811017&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp | x_refsource_CONFIRM | |
| http://secunia.com/advisories/11800 | third-party-advisory, x_refsource_SECUNIA | |
| http://marc.info/?l=bugtraq&m=108671836127360&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16044 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/6748 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/10260 | vdb-entry, x_refsource_BID | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157 | vdb-entry, signature, x_refsource_OVAL | |
| https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017 | vendor-advisory, x_refsource_MS |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp"
},
{
"name": "11800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11800"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-file-deletion(16044)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16044"
},
{
"name": "6748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/6748"
},
{
"name": "10260",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10260"
},
{
"name": "oval:org.mitre.oval:def:1157",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157"
},
{
"name": "MS04-017",
"tags": [
"vendor-advisory",
"x_refsource_MS",
"x_transferred"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-06-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via \"..\" sequences in the dynamicimag argument to crystalimagehandler.aspx."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-12T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp"
},
{
"name": "11800",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11800"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-file-deletion(16044)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16044"
},
{
"name": "6748",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/6748"
},
{
"name": "10260",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10260"
},
{
"name": "oval:org.mitre.oval:def:1157",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157"
},
{
"name": "MS04-017",
"tags": [
"vendor-advisory",
"x_refsource_MS"
],
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0204",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via \"..\" sequences in the dynamicimag argument to crystalimagehandler.aspx."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"name": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp",
"refsource": "CONFIRM",
"url": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp"
},
{
"name": "11800",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11800"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-file-deletion(16044)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16044"
},
{
"name": "6748",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/6748"
},
{
"name": "10260",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10260"
},
{
"name": "oval:org.mitre.oval:def:1157",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157"
},
{
"name": "MS04-017",
"refsource": "MS",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0204",
"datePublished": "2004-06-11T04:00:00",
"dateReserved": "2004-03-11T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-2742
Vulnerability from cvelistv5
Published
2007-10-09 10:00
Modified
2024-08-08 01:36
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1012703 | vdb-entry, x_refsource_SECTRACK | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/18684 | vdb-entry, x_refsource_XF | |
| http://www.osvdb.org/12596 | vdb-entry, x_refsource_OSVDB | |
| http://www.securityfocus.com/bid/12107 | vdb-entry, x_refsource_BID | |
| http://support.businessobjects.com/library/kbase/articles/c2016559.asp | x_refsource_CONFIRM | |
| http://secunia.com/advisories/13644 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:36:25.251Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1012703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1012703"
},
{
"name": "crystal-enterprise-report-xss(18684)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18684"
},
{
"name": "12596",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/12596"
},
{
"name": "12107",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12107"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp"
},
{
"name": "13644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13644"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-12-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1012703",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1012703"
},
{
"name": "crystal-enterprise-report-xss(18684)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18684"
},
{
"name": "12596",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/12596"
},
{
"name": "12107",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12107"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp"
},
{
"name": "13644",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13644"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-2742",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1012703",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1012703"
},
{
"name": "crystal-enterprise-report-xss(18684)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18684"
},
{
"name": "12596",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/12596"
},
{
"name": "12107",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12107"
},
{
"name": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp",
"refsource": "CONFIRM",
"url": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp"
},
{
"name": "13644",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13644"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-2742",
"datePublished": "2007-10-09T10:00:00",
"dateReserved": "2007-10-08T00:00:00",
"dateUpdated": "2024-08-08T01:36:25.251Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1981
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.
References
| ▼ | URL | Tags |
|---|---|---|
| http://marc.info/?l=bugtraq&m=108360413811017&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://marc.info/?l=bugtraq&m=108671836127360&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/16046 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.115Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-dos(16046)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-05-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-dos(16046)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1981",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20040502 Crystal Reports Vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"name": "20040608 Vulnerability: Arbitrary File Access \u0026 DoS in Crystal Reports",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"name": "crystalreports-dos(16046)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1981",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.115Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:54
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:8.5:*:aix:*:*:*:*:*",
"matchCriteriaId": "5ADD5E80-DCAC-4C06-986F-651989B6D72B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:8.5:*:solaris:*:*:*:*:*",
"matchCriteriaId": "C2F1EC12-38F0-4DB5-90DC-A1932A38CD8A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:8.5:*:windows:*:*:*:*:*",
"matchCriteriaId": "FA106A23-74E5-408C-954F-94245AAF3B72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:9:*:windows:*:*:*:*:*",
"matchCriteriaId": "EC102DAF-64D4-4B5F-8DA6-1389355E2095",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:aix:*:*:*:*:*",
"matchCriteriaId": "77891037-D3CD-4457-BF8D-490CEE7FA67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:hpux:*:*:*:*:*",
"matchCriteriaId": "35A374F1-9F78-45C8-8A7C-F4D03EED0FBC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:linux:*:*:*:*:*",
"matchCriteriaId": "DC7AF62C-2763-467F-BBB8-C2CF8ABEA532",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:solaris:*:*:*:*:*",
"matchCriteriaId": "51428D65-D2DB-474D-8F30-B3C6C1C4DD48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:windows:*:*:*:*:*",
"matchCriteriaId": "F1B2F81A-F8DB-4976-B1A2-1A191B83458B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file."
}
],
"id": "CVE-2004-2742",
"lastModified": "2024-11-20T23:54:06.810",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13644"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1012703"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/12596"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/12107"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18684"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13644"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1012703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://support.businessobjects.com/library/kbase/articles/c2016559.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.osvdb.org/12596"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/12107"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18684"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-11-29 17:28
Modified
2024-11-21 00:15
Severity ?
Summary
Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| businessobjects | crystal_enterprise | 9 | |
| businessobjects | crystal_enterprise | 10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:9:*:*:*:*:*:*:*",
"matchCriteriaId": "53235D62-18AA-4482-B9AE-9E1AE87BDB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:*:*:*:*:*:*",
"matchCriteriaId": "38F02473-3701-413D-B2F2-B400958F22F0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values."
},
{
"lang": "es",
"value": "Business Objects Crystal Enterprise 9 y 10 genera identificadores de sesi\u00f3n previsibles, que permite a atacantes remotos secuestrar sesiones de otros usuarios a trav\u00e9s de los valores de la cookie WCSID."
}
],
"id": "CVE-2006-4099",
"lastModified": "2024-11-21T00:15:09.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-11-29T17:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23137"
},
{
"source": "cve@mitre.org",
"url": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21350"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4748"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/23137"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.businessobjects.com/communityCS/FilesAndUpdates/ce10win_en.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.mwrinfosecurity.com/advisories/MWR_crystal-reports-weak-sessions-advisory_2006-11-28.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21350"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.uniras.gov.uk/niscc/docs/re-20061128-00818.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30568"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-08-06 04:00
Modified
2024-11-20 23:47
Severity ?
Summary
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| bea | weblogic_server | 8.1 | |
| borland_software | j_builder | * | |
| businessobjects | crystal_enterprise | 9 | |
| businessobjects | crystal_enterprise | 10 | |
| businessobjects | crystal_enterprise_java_sdk | 8.5 | |
| businessobjects | crystal_enterprise_ras | 8.5 | |
| businessobjects | crystal_reports | 9 | |
| businessobjects | crystal_reports | 10 | |
| microsoft | business_solutions_crm | 1.2 | |
| microsoft | outlook | 2003 | |
| microsoft | visual_studio_.net | 2003 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E08D4CEA-9ACC-4869-BC87-3524A059914F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*",
"matchCriteriaId": "ADED8968-EA9C-4F0E-AD2F-BC834F4D8A58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*",
"matchCriteriaId": "A3DFE048-905E-4890-809D-F6BCEF7F83C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*",
"matchCriteriaId": "6F5B2A06-CE19-4A57-9566-09FC1E259CDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*",
"matchCriteriaId": "F7560131-A6AC-4BBB-AA2D-C7C63AB51226",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*",
"matchCriteriaId": "349036A0-B5E2-4656-8D2D-26BEE9EF9DFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D18E22CC-A0FC-4BC7-AD39-2645F57486C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*",
"matchCriteriaId": "893C2387-03E3-4F8E-9029-BC64C64239EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*",
"matchCriteriaId": "D00633D1-4B38-48D9-B5CD-E8D66EA90599",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:borland_software:j_builder:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A50A593-04D3-4FDA-8015-901750AEE4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:9:*:*:*:*:*:*:*",
"matchCriteriaId": "53235D62-18AA-4482-B9AE-9E1AE87BDB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:*:*:*:*:*:*",
"matchCriteriaId": "38F02473-3701-413D-B2F2-B400958F22F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise_java_sdk:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3F1A5E6C-F762-4FD1-A105-EFC4E3746B6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise_ras:8.5:*:unix:*:*:*:*:*",
"matchCriteriaId": "CD34959D-8A0C-48B4-8132-865406EABB4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_reports:9:*:*:*:*:*:*:*",
"matchCriteriaId": "716121F8-EE8D-4A4C-BAB6-943BE3ADDC1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_reports:10:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D5162B-391B-4B36-A688-8D903218B3B0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:business_solutions_crm:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5FFC5454-8557-4886-AEB4-3E04EC6FC477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:outlook:2003:*:business_contact_manager:*:*:*:*:*",
"matchCriteriaId": "F148421C-7BF5-4A58-83DF-4879B27C912A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*",
"matchCriteriaId": "B9E6C132-4F4B-4FB0-9DDC-DD9750D8552D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via \"..\" sequences in the dynamicimag argument to crystalimagehandler.aspx."
},
{
"lang": "es",
"value": "Vulnerabilidad de atravesamiento de directorios en los visores web de Business Objects Crystal Reports 9 and 10, y Crystal Enterprise 9 o 10, usados en Visual Studio .NET 2003 y Outlook 2003 con Business Contact Manager, Microsoft Business Solutions CRM 1.2, y otros productos, permiten a atacantes remotos leer y borrar ficheros de su elecci\u00f3n mediante secuencias \"..\" en el argumento dynamicimag de crystalimagehandler.aspx."
}
],
"id": "CVE-2004-0204",
"lastModified": "2024-11-20T23:47:59.720",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-08-06T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/11800"
},
{
"source": "cve@mitre.org",
"url": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/6748"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10260"
},
{
"source": "cve@mitre.org",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16044"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/11800"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/6748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10260"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16044"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-05-02 04:00
Modified
2024-11-20 23:52
Severity ?
Summary
The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| businessobjects | crystal_enterprise | 9 | |
| businessobjects | crystal_enterprise | 10 | |
| businessobjects | crystal_reports | 9 | |
| businessobjects | crystal_reports | 10 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:9:*:*:*:*:*:*:*",
"matchCriteriaId": "53235D62-18AA-4482-B9AE-9E1AE87BDB3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:*:*:*:*:*:*",
"matchCriteriaId": "38F02473-3701-413D-B2F2-B400958F22F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_reports:9:*:*:*:*:*:*:*",
"matchCriteriaId": "716121F8-EE8D-4A4C-BAB6-943BE3ADDC1A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:businessobjects:crystal_reports:10:*:*:*:*:*:*:*",
"matchCriteriaId": "F4D5162B-391B-4B36-A688-8D903218B3B0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder."
}
],
"id": "CVE-2004-1981",
"lastModified": "2024-11-20T23:52:12.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108360413811017\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108671836127360\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16046"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}