APP: Oracle Report Command Injection

This signature detects attempts to exploit a known vulnerability against Oracle Reports Services, a component of Oracle Application Server. A successful attack can lead to arbitrary code execution.

Extended Description

Oracle Reports Server is susceptible to an unauthorized report execution vulnerability. By placing a report file in a globally accessible location, users can trigger the execution of the report by issuing an HTTP GET request to the affected servlet containing the full path of the file. Attackers may exploit this vulnerability to execute arbitrary commands, or read/write arbitrary files with the privileges of the Oracle account under which the server is executing. It should be noted that this issue may be remotely exploited if an attacker has means to write files to the serving computer (WebDAV, FTP, CIFS, etc.) without local access.

Affected Products

Oracle oracle_reports6i

Short Name
APP:ORACLE:REPORT-CMD-INJ
Severity
Major
Recommended
True
Recommended Action
Drop
Category
APP
Keywords
CVE-2005-2371 CVE-2012-3152 Command Injection Oracle Report bid:14316
Release Date
02/28/2006
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3724
False Positive
Unknown
Vendors

Oracle

CVSS Score

5.0

Found a potential security threat?