[NEWS] Oracle Reports Server Information Disclosure
From: support@securiteam.comDate: 07/22/02
- Previous message: support@securiteam.com: "[NT] IBM Tivoli Management Framework Buffer Overflow (Endpoint)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Mon, 22 Jul 2002 20:47:07 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Oracle Reports Server Information Disclosure
------------------------------------------------------------------------
SUMMARY
A security vulnerability in Oracle Reports server allows attackers to
cause the product to reveal sensitive information about the remote
configuration of the server and the Oracle product.
DETAILS
Oracle Reports server will happily report an excessive amount of system
information to unauthenticated remote users. This information includes but
is not limited to:
# PATH D:\ORACLE\iSuites\Apache\fastcg;D:\ORACLE\806\jdk\bin
# ORACLE_HOME D:\ORACLE\806
# REPORTS60_PATH D:\WEB_REPORTS
# REPORTS60_TMP D:\ORACLE\806\REPORT60\TMP
Further, the Oracle Report server will show the exact version numbers used
by the product:
# Oracle Reports Server CGI60 version 6.0, a Win32 executable
# Oracle_Web_Listener/4.0.7.0.0 Enterprise Edition
Of course, this kind of information should not be revealed to the public,
and should be regarded as sensitive.
Examples:
The following URL will reveal the sensitive information:
http://some.site.com/cgi-bin/rwcgi60
http://some.site.com/cgi-bin/rwcgi60/showenv
Solution:
See Oracle note 133957.1 - Restricting Access to the Reports Server
Environment and Output.
ADDITIONAL INFORMATION
The information has been provided by <mailto:skp@bigunz.angrypacket.com>
skp.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[NT] IBM Tivoli Management Framework Buffer Overflow (Endpoint)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [UNIX] Multiple Vulnerabilities in Ez Publish
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... been found in the product, Sensitive
information disclosure, Cross Site ... Scripting, and Path Disclosure. ... A
security vulnerability was found in Ez publish which allows a remote ... (Securiteam) - Re: Store private key in cookie?
... protect private key credentials. ... MVP Security ... > sensitive
information, regardless of their rights). ... > this is not secure) store it in
the session object. ... (microsoft.public.dotnet.security) - Re: Store private key in cookie?
... protect private key credentials. ... MVP Security ... > sensitive
information, regardless of their rights). ... > this is not secure) store it in
the session object. ... (microsoft.public.dotnet.framework.aspnet.security) - Re: Veterans Affairs warns of massive privacy breach
... sensitive information about veterans and their families had been ... were to
simply use the tools provided in Windows ... for security professionals, not mindless
wanna-bees...Second, a security ... your mouth is so big that no bank could cover that
bet.... ... (alt.computer.security) - [NEWS] Security Issue with Netinfo and Mac OS X
... Security Issue with Netinfo and Mac OS X ... The /var/backups
directory contains sensitive information about the ... (Securiteam)
