CVE-2006-0275 | Vulnerability Database | Aqua Security

Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed reliable researcher claims that this issue is related to directory traversal that allows reading of portions of arbitrary XML files via the customize parameter.

Affected Software

Name	Vendor	Start Version	End Version
Application_server	Oracle	9.0.4.2 (including)	9.0.4.2 (including)

References

http://secunia.com/advisories/18493
http://secunia.com/advisories/18608
http://securitytracker.com/id?1015499
http://www.kb.cert.org/vuls/id/545804
http://www.oracle.com/technetwork/topics/security/cpujan2006-082403.html
http://www.red-database-security.com/advisory/oracle_reports_read_any_xml_file.html
http://www.securityfocus.com/archive/1/422261/30/7430/threaded
http://www.securityfocus.com/bid/16287
http://www.vupen.com/english/advisories/2006/0243
http://www.vupen.com/english/advisories/2006/0323
https://exchange.xforce.ibmcloud.com/vulnerabilities/24321

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-0275
CWE	https://cwe.mitre.org/data/definitions/.html