Vulnerability Note VU#997403
Oracle Reports Server Reports Web Cartridge (RWCGI60) vulnerable to buffer overflow via database name parameter
A buffer overflow vulnerability in Oracle Reports Server 6i could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Reports Server process.
Oracle Reports Server is a component of Oracle Application Server that handles client requests for reports from multiple data sources. Oracle Reports Server is capable of accepting requests and delivering reports over the web using a Reports Web Cartridge (RWCGI60). RWCGI60 is a CGI program that translates and delivers information between the Oracle HTTP Server and the Oracle Reports Server. According to a report by NGSSoftware, RWCGI60 is vulnerable to a buffer overflow via an HTTP request containing a specially crafted database name parameter.
According to Oracle Security Alert #35, Oracle Reports Server 220.127.116.11.0 and earlier are vulnerable, and Oracle9i Application Server 1.0.x includes a vulnerable version of Oracle Reports Server.
An unauthenticated, remote attacker could execute arbitrary code or cause a denial of service on a vulnerable system. By default, the Oracle Reports stand-alone server runs as SYSTEM on Windows NT and Windows 2000 systems.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Oracle||Affected||31 May 2002||06 Jun 2002|
CVSS Metrics (Learn More)
The CERT/CC thanks David Litchfield of NGSSoftware for information used in this document.
This document was written by Art Manion.
- CVE IDs: CAN-2002-0947
- Date Public: 27 May 2002
- Date First Published: 04 Jun 2002
- Date Last Updated: 15 Nov 2002
- Severity Metric: 11.66
- Document Revision: 47
If you have feedback, comments, or additional information about this vulnerability, please send us email.