CVE-2004-0204

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/10260	Exploit Patch Vendor Advisory
http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp
http://secunia.com/advisories/11800
http://www.osvdb.org/6748
http://marc.info/?l=bugtraq&m=108360413811017&w=2
http://marc.info/?l=bugtraq&m=108671836127360&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/16044
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:bea:weblogic_server:8.1:sp2::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:::::*
	cpe:2.3:a:businessobjects:crystal_reports:10:::::::*
	cpe:2.3:a:businessobjects:crystal_reports:9:::::::*
	cpe:2.3:a:bea:weblogic_server:8.1:sp1::::::
	cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:::::*
	cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:::::*
	cpe:2.3:a:businessobjects:crystal_enterprise_java_sdk:8.5:::::::*
	cpe:2.3:a:businessobjects:crystal_enterprise_ras:8.5::unix:::::
	cpe:2.3:a:bea:weblogic_server:8.1:::::::*
	cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:::::*
	cpe:2.3:a:bea:weblogic_server:8.1::express:::::
	cpe:2.3:a:microsoft:visual_studio_.net:2003:gold::::::
	cpe:2.3:a:microsoft:outlook:2003::business_contact_manager:::::
	cpe:2.3:a:microsoft:business_solutions_crm:1.2:::::::*
	cpe:2.3:a:borland_software:j_builder::::::::
	cpe:2.3:a:businessobjects:crystal_enterprise:9:::::::*
	cpe:2.3:a:businessobjects:crystal_enterprise:10:::::::*
	cpe:2.3:a:bea:weblogic_server:8.1::win32:::::

Information

Published : 2004-08-05 21:00

Updated : 2018-10-12 14:34

NVD link : CVE-2004-0204

Mitre link : CVE-2004-0204

JSON object : View

CWE

NVD-CWE-Other

Products Affected

borland_software

j_builder

businessobjects

crystal_enterprise_ras
crystal_enterprise_java_sdk
crystal_reports
crystal_enterprise

microsoft

visual_studio_.net
business_solutions_crm
outlook

bea

weblogic_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/10260", "name": "10260", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "BID"}, {"url": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp", "name": "http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp", "tags": [], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/11800", "name": "11800", "tags": [], "refsource": "SECUNIA"}, {"url": "http://www.osvdb.org/6748", "name": "6748", "tags": [], "refsource": "OSVDB"}, {"url": "http://marc.info/?l=bugtraq&m=108360413811017&w=2", "name": "20040502 Crystal Reports Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://marc.info/?l=bugtraq&m=108671836127360&w=2", "name": "20040608 Vulnerability: Arbitrary File Access & DoS in Crystal Reports", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16044", "name": "crystalreports-file-deletion(16044)", "tags": [], "refsource": "XF"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157", "name": "oval:org.mitre.oval:def:1157", "tags": [], "refsource": "OVAL"}, {"url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017", "name": "MS04-017", "tags": [], "refsource": "MS"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via \"..\" sequences in the dynamicimag argument to crystalimagehandler.aspx."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-0204", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2004-08-06T04:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:businessobjects:crystal_reports:10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:businessobjects:crystal_reports:9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:businessobjects:crystal_enterprise_java_sdk:8.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:businessobjects:crystal_enterprise_ras:8.5:*:unix:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:visual_studio_.net:2003:gold:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:outlook:2003:*:business_contact_manager:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:microsoft:business_solutions_crm:1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:borland_software:j_builder:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:businessobjects:crystal_enterprise:9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:businessobjects:crystal_enterprise:10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-12T21:34Z"}

7.5 /10