[NEWS] Oracle Reports Server Information Disclosure

From: support@securiteam.com
Date: 07/22/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Mon, 22 Jul 2002 20:47:07 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Oracle Reports Server Information Disclosure
------------------------------------------------------------------------

SUMMARY

A security vulnerability in Oracle Reports server allows attackers to
cause the product to reveal sensitive information about the remote
configuration of the server and the Oracle product.

DETAILS

Oracle Reports server will happily report an excessive amount of system
information to unauthenticated remote users. This information includes but
is not limited to:
# PATH D:\ORACLE\iSuites\Apache\fastcg;D:\ORACLE\806\jdk\bin
# ORACLE_HOME D:\ORACLE\806
# REPORTS60_PATH D:\WEB_REPORTS
# REPORTS60_TMP D:\ORACLE\806\REPORT60\TMP

Further, the Oracle Report server will show the exact version numbers used
by the product:
# Oracle Reports Server CGI60 version 6.0, a Win32 executable
# Oracle_Web_Listener/4.0.7.0.0 Enterprise Edition

Of course, this kind of information should not be revealed to the public,
and should be regarded as sensitive.

Examples:
The following URL will reveal the sensitive information:
http://some.site.com/cgi-bin/rwcgi60
http://some.site.com/cgi-bin/rwcgi60/showenv

Solution:
See Oracle note 133957.1 - Restricting Access to the Reports Server
Environment and Output.

ADDITIONAL INFORMATION

The information has been provided by <mailto:skp@bigunz.angrypacket.com>
skp.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • [UNIX] Multiple Vulnerabilities in Ez Publish
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... been found in the product, Sensitive information disclosure, Cross Site ... Scripting, and Path Disclosure. ... A security vulnerability was found in Ez publish which allows a remote ...
    (Securiteam)
  • Re: Store private key in cookie?
    ... protect private key credentials. ... MVP Security ... > sensitive information, regardless of their rights). ... > this is not secure) store it in the session object. ...
    (microsoft.public.dotnet.security)
  • Re: Store private key in cookie?
    ... protect private key credentials. ... MVP Security ... > sensitive information, regardless of their rights). ... > this is not secure) store it in the session object. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Veterans Affairs warns of massive privacy breach
    ... sensitive information about veterans and their families had been ... were to simply use the tools provided in Windows ... for security professionals, not mindless wanna-bees...Second, a security ... your mouth is so big that no bank could cover that bet.... ...
    (alt.computer.security)
  • [NEWS] Security Issue with Netinfo and Mac OS X
    ... Security Issue with Netinfo and Mac OS X ... The /var/backups directory contains sensitive information about the ...
    (Securiteam)