CVE-2004-0204
Business Objects Crystal Reports 9/10 Web Form Viewer - Directory Traversal
Public Exploits: 2
Exploited in Wild: -
Descriptions
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
Timeline
- 2004-03-11 CVE Reserved
- 2004-05-03 First Exploit
- 2004-06-11 CVE Published
- 2024-06-26 EPSS Updated
- 2024-08-08 CVE Updated
References (10)
URL | Tag
---|---
http://marc.info/?l=bugtraq&m=108360413811017&w=2 | Mailing List
http://marc.info/?l=bugtraq&m=108671836127360&w=2 | Mailing List
http://secunia.com/advisories/11800 | Third Party Advisory
http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp | X_refsource_confirm
http://www.osvdb.org/6748 | Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/16044 | Vdb Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157 | Signature

URL | Date
---|---
https://www.exploit-db.com/exploits/24077 | 2004-05-03
http://www.securityfocus.com/bid/10260 | 2024-08-08

URL | Date
---|---
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017 | 2018-10-12
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Bea | Weblogic Server | 8.1 | - | Affected
Bea | Weblogic Server | 8.1 | express | Affected
Bea | Weblogic Server | 8.1 | win32 | Affected
Bea | Weblogic Server | 8.1 | sp1 | Affected
Bea | Weblogic Server | 8.1 | sp1, express | Affected
Bea | Weblogic Server | 8.1 | sp1, win32 | Affected
Bea | Weblogic Server | 8.1 | sp2 | Affected
Bea | Weblogic Server | 8.1 | sp2, express | Affected
Bea | Weblogic Server | 8.1 | sp2, win32 | Affected
Borland Software | J Builder | * | - | Affected
Businessobjects | Crystal Enterprise | 9 | - | Affected
Businessobjects | Crystal Enterprise | 10 | - | Affected
Businessobjects | Crystal Enterprise Java Sdk | 8.5 | - | Affected
Businessobjects | Crystal Enterprise Ras | 8.5 | unix | Affected
Businessobjects | Crystal Reports | 9 | - | Affected
Businessobjects | Crystal Reports | 10 | - | Affected
Microsoft | Business Solutions Crm | 1.2 | - | Affected
Microsoft | Outlook | 2003 | business_contact_manager | Affected
Microsoft | Visual Studio .net | 2003 | gold | Affected