cvelistv5 - cve-2007-0222

CVE-2007-0222 (GCVE-0-2007-0222)

Vulnerability from cvelistv5 – Published: 2007-01-17 01:00 – Updated: 2024-08-07 12:12

Summary

Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably "\.." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/archive/1/458657/100…	mailing-listx_refsource_BUGTRAQ
	http://www.securityfocus.com/archive/1/457105/100…	mailing-listx_refsource_BUGTRAQ
	http://secunia.com/advisories/23794	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/22083	vdb-entryx_refsource_BID
	http://www.securityfocus.com/bid/22027	vdb-entryx_refsource_BID
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://securitytracker.com/id?1017522	vdb-entryx_refsource_SECTRACK

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:12:17.680Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070131 Oracle 10g R2 Enterprise Manager Directory Traversal",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/458657/100/0/threaded"
          },
          {
            "name": "20070115 SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/457105/100/0/threaded"
          },
          {
            "name": "23794",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "name": "22083",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "name": "22027",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/22027"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "name": "1017522",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1017522"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably \"\\..\" sequences in the beanId parameter.  NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined.  Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20070131 Oracle 10g R2 Enterprise Manager Directory Traversal",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/458657/100/0/threaded"
        },
        {
          "name": "20070115 SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/457105/100/0/threaded"
        },
        {
          "name": "23794",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23794"
        },
        {
          "name": "22083",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22083"
        },
        {
          "name": "22027",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/22027"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
        },
        {
          "name": "1017522",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1017522"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0222",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably \"\\..\" sequences in the beanId parameter.  NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined.  Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070131 Oracle 10g R2 Enterprise Manager Directory Traversal",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/458657/100/0/threaded"
            },
            {
              "name": "20070115 SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/457105/100/0/threaded"
            },
            {
              "name": "23794",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23794"
            },
            {
              "name": "22083",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22083"
            },
            {
              "name": "22027",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/22027"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
            },
            {
              "name": "1017522",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1017522"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0222",
    "datePublished": "2007-01-17T01:00:00",
    "dateReserved": "2007-01-12T00:00:00",
    "dateUpdated": "2024-08-07T12:12:17.680Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_server:10.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"155F0A5E-7DF2-4DA6-9ABB-97AFFE090618\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably \\\"\\\\..\\\" sequences in the beanId parameter.  NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined.  Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de salto de directorio en el componente del lado del servidor del servidor EmChartBean para Oracle Application Server 10g permite a los atacantes remotos leer archivos arbitrarios por medio de vectores desconocidos, probablemente secuencias de \\\"\\\\..\\\" en el par\\u00e1metro beanId. NOTA: esto es probablemente un duplicado de otro CVE que Oracle abord\\u00f3 en CPU en Enero de 2007, pero debido a la falta de detalles por Oracle, no est\\u00e1 claro con qu\\u00e9 BugID est\\u00e1 asociado este problema, por lo que no se puede determinar el otro CVE. Las posibilidades incluyen EM02 (CVE-2007-0292) o EM05 (CVE-2007-0293).\"}]",
      "id": "CVE-2007-0222",
      "lastModified": "2024-11-21T00:25:16.910",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-01-17T01:28:00.000",
      "references": "[{\"url\": \"http://secunia.com/advisories/23794\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017522\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457105/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/458657/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/22027\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/22083\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/23794\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1017522\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/457105/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/458657/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/22027\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.securityfocus.com/bid/22083\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0222\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-01-17T01:28:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably \\\"\\\\..\\\" sequences in the beanId parameter.  NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined.  Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de salto de directorio en el componente del lado del servidor del servidor EmChartBean para Oracle Application Server 10g permite a los atacantes remotos leer archivos arbitrarios por medio de vectores desconocidos, probablemente secuencias de \\\"\\\\..\\\" en el par\u00e1metro beanId. NOTA: esto es probablemente un duplicado de otro CVE que Oracle abord\u00f3 en CPU en Enero de 2007, pero debido a la falta de detalles por Oracle, no est\u00e1 claro con qu\u00e9 BugID est\u00e1 asociado este problema, por lo que no se puede determinar el otro CVE. Las posibilidades incluyen EM02 (CVE-2007-0292) o EM05 (CVE-2007-0293).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_server:10.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"155F0A5E-7DF2-4DA6-9ABB-97AFFE090618\"}]}]}],\"references\":[{\"url\":\"http://secunia.com/advisories/23794\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017522\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/457105/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/458657/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/22027\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/22083\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/23794\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1017522\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/457105/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/458657/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/22027\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.securityfocus.com/bid/22083\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2007-AVI-062

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités affectent les produits Oracle et permettent de porter atteinte à la disponibilité, à l'intégrité et à la confidentialité des données.

Description

De multiples vulnérabilités affectent les produits Oracle. Elles permettent de porter atteinte à la disponibilité, à l'intégrité et à la confidentialité des données. Certaines de ces vulnérabilités sont exploitables par un utilisateur malveillant non authentifié.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Application Server 10g ;
Oracle	N/A	Oracle Database 9i, 10g ;
Oracle	N/A	Oracle Developer Suite 9, 10.
Oracle	N/A	Oracle Enterprise Manager 10g ;
Oracle	N/A	Oracle E-business Suite Release 11.0 et 11i ;
Oracle	PeopleSoft	Oracle Peoplesoft Enterprise PeopleTools 8.22, 8.47, 8.48 ;
Oracle	N/A	Oracle Identity Management 10g ;

References

Title

Publication Time

Tags

Bulletin Oracle

2007-01-01

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Application Server 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 9i, 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Developer Suite 9, 10.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-business Suite Release 11.0 et 11i ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Peoplesoft Enterprise PeopleTools 8.22, 8.47, 8.48 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Identity Management 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s affectent les produits Oracle. Elles\npermettent de porter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es. Certaines de ces vuln\u00e9rabilit\u00e9s sont\nexploitables par un utilisateur malveillant non authentifi\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0297"
    },
    {
      "name": "CVE-2007-0268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0268"
    },
    {
      "name": "CVE-2007-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0222"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-062",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-02-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectent les produits \u003cspan\nclass=\"textit\"\u003eOracle\u003c/span\u003e et permettent de porter atteinte \u00e0 la\ndisponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits Oracle",
  "vendor_advisories": [
    {
      "published_at": "2007-01-01",
      "title": "Bulletin Oracle",
      "url": "http://www.oracle.com/technology/deploy/security/critical-path-updates/cpujan2007.html"
    }
  ]
}

CERTA-2007-AVI-062

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités affectent les produits Oracle et permettent de porter atteinte à la disponibilité, à l'intégrité et à la confidentialité des données.

Description

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Oracle	N/A	Oracle Application Server 10g ;
Oracle	N/A	Oracle Database 9i, 10g ;
Oracle	N/A	Oracle Developer Suite 9, 10.
Oracle	N/A	Oracle Enterprise Manager 10g ;
Oracle	N/A	Oracle E-business Suite Release 11.0 et 11i ;
Oracle	PeopleSoft	Oracle Peoplesoft Enterprise PeopleTools 8.22, 8.47, 8.48 ;
Oracle	N/A	Oracle Identity Management 10g ;

References

Title

Publication Time

Tags

Bulletin Oracle

2007-01-01

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Oracle Application Server 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Database 9i, 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Developer Suite 9, 10.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Enterprise Manager 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle E-business Suite Release 11.0 et 11i ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Peoplesoft Enterprise PeopleTools 8.22, 8.47, 8.48 ;",
      "product": {
        "name": "PeopleSoft",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    },
    {
      "description": "Oracle Identity Management 10g ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Oracle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s affectent les produits Oracle. Elles\npermettent de porter atteinte \u00e0 la disponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es. Certaines de ces vuln\u00e9rabilit\u00e9s sont\nexploitables par un utilisateur malveillant non authentifi\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0297",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0297"
    },
    {
      "name": "CVE-2007-0268",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0268"
    },
    {
      "name": "CVE-2007-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0222"
    }
  ],
  "links": [],
  "reference": "CERTA-2007-AVI-062",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-02-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s affectent les produits \u003cspan\nclass=\"textit\"\u003eOracle\u003c/span\u003e et permettent de porter atteinte \u00e0 la\ndisponibilit\u00e9, \u00e0 l\u0027int\u00e9grit\u00e9 et \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s des produits Oracle",
  "vendor_advisories": [
    {
      "published_at": "2007-01-01",
      "title": "Bulletin Oracle",
      "url": "http://www.oracle.com/technology/deploy/security/critical-path-updates/cpujan2007.html"
    }
  ]
}

FKIE_CVE-2007-0222

Vulnerability from fkie_nvd - Published: 2007-01-17 01:28 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/23794	Patch, Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1017522
cve@mitre.org	http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
cve@mitre.org	http://www.securityfocus.com/archive/1/457105/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/458657/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/22027	Patch
cve@mitre.org	http://www.securityfocus.com/bid/22083
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23794	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1017522
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/457105/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/458657/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22027	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/22083

Impacted products

	Vendor	Product	Version
	oracle	application_server	10.1.3

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_server:10.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "155F0A5E-7DF2-4DA6-9ABB-97AFFE090618",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably \"\\..\" sequences in the beanId parameter.  NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined.  Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de salto de directorio en el componente del lado del servidor del servidor EmChartBean para Oracle Application Server 10g permite a los atacantes remotos leer archivos arbitrarios por medio de vectores desconocidos, probablemente secuencias de \"\\..\" en el par\u00e1metro beanId. NOTA: esto es probablemente un duplicado de otro CVE que Oracle abord\u00f3 en CPU en Enero de 2007, pero debido a la falta de detalles por Oracle, no est\u00e1 claro con qu\u00e9 BugID est\u00e1 asociado este problema, por lo que no se puede determinar el otro CVE. Las posibilidades incluyen EM02 (CVE-2007-0292) o EM05 (CVE-2007-0293)."
    }
  ],
  "id": "CVE-2007-0222",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-01-17T01:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23794"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1017522"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/457105/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/458657/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/22027"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/22083"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/23794"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1017522"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/457105/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/458657/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/22027"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/22083"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-0222

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-0222

Aliases

CVE-2007-0222

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0222",
    "description": "Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably \"\\..\" sequences in the beanId parameter.  NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined.  Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).",
    "id": "GSD-2007-0222"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0222"
      ],
      "details": "Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably \"\\..\" sequences in the beanId parameter.  NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined.  Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).",
      "id": "GSD-2007-0222",
      "modified": "2023-12-13T01:21:35.887970Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0222",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably \"\\..\" sequences in the beanId parameter.  NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined.  Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293)."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20070131 Oracle 10g R2 Enterprise Manager Directory Traversal",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/458657/100/0/threaded"
          },
          {
            "name": "20070115 SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/457105/100/0/threaded"
          },
          {
            "name": "23794",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23794"
          },
          {
            "name": "22083",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22083"
          },
          {
            "name": "22027",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/22027"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
          },
          {
            "name": "1017522",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1017522"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_server:10.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0222"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably \"\\..\" sequences in the beanId parameter.  NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined.  Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "22027",
              "refsource": "BID",
              "tags": [
                "Patch"
              ],
              "url": "http://www.securityfocus.com/bid/22027"
            },
            {
              "name": "23794",
              "refsource": "SECUNIA",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/23794"
            },
            {
              "name": "1017522",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1017522"
            },
            {
              "name": "22083",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/22083"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
            },
            {
              "name": "20070131 Oracle 10g R2 Enterprise Manager Directory Traversal",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/458657/100/0/threaded"
            },
            {
              "name": "20070115 SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/457105/100/0/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-16T16:31Z",
      "publishedDate": "2007-01-17T01:28Z"
    }
  }
}

GHSA-H382-3V8J-JF8J

Vulnerability from github – Published: 2022-05-01 17:42 – Updated: 2022-05-01 17:42

Details

Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably ".." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0222"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-01-17T01:28:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably \"\\..\" sequences in the beanId parameter.  NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined.  Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).",
  "id": "GHSA-h382-3v8j-jf8j",
  "modified": "2022-05-01T17:42:32Z",
  "published": "2022-05-01T17:42:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0222"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23794"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1017522"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/457105/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/458657/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22027"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/22083"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-0222 (GCVE-0-2007-0222)

CERTA-2007-AVI-062

Description

Solution

CERTA-2007-AVI-062

Description

Solution

FKIE_CVE-2007-0222

GSD-2007-0222

GHSA-H382-3V8J-JF8J

Tags

Sightings

Nomenclature