CVE Vulnerability

CVE-2007-0222

Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably ".." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

References
Link Resource
http://www.securityfocus.com/bid/22027 Patch
http://secunia.com/advisories/23794 Patch Vendor Advisory
http://securitytracker.com/id?1017522
http://www.securityfocus.com/bid/22083
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.securityfocus.com/archive/1/458657/100/0/threaded
http://www.securityfocus.com/archive/1/457105/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:oracle:application_server:10.1.3:*:*:*:*:*:*:*
Information

Published : 2007-01-17 01:28

Updated : 2018-10-16 04:31

NVD link : CVE-2007-0222

Mitre link : CVE-2007-0222

Products Affected
No products.
CWE
NVD-CWE-Other