DB: Oracle Reports XML Disclosure
This signature detects an attempt to disclose the content of arbitrary XML file present on an Oracle Reports Server.
Extended Description
Various Oracle products -- Oracle Database Server, Oracle Enterprise Manager, Oracle Application Server, Oracle Collaboration Suite, Oracle E-Business Suite, PeopleSoft Enterprise Portal, JD Edwards EnterpriseOne Tools, OneWorld Tools, Oracle Developer Suite, and Oracle Workflow -- are prone to multiple vulnerabilities. The issues identified by the vendor affect all security properties of the Oracle products and present local and remote threats. Oracle has released a Critical Patch Update advisory for January 2006 to address these vulnerabilities. This Critical Patch Update addresses the vulnerabilities for supported releases. Earlier, unsupported releases are likely to be affected by the issues as well.
Affected Products
Oracle oracle10g_application_server
Short Name
DB:ORACLE:REPORTS-XML-DISC
Severity
Minor
Recommended
False
Recommended Action
None
Category
DB
Keywords
CVE-2005-2378 Disclosure Oracle Reports XML bid:16287
Release Date
08/05/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
Port
TCP/7778
False Positive
Unknown
Vendors
Oracle
Hp
Peoplesoft
CVSS Score
5.0