CVE-2004-0204

Current Description

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

Basic Data

Published: August 06, 2004
Last Modified: October 12, 2018
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: NVD-CWE-Other
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 7.5
Severity: HIGH
Exploitability Score: 10.0
Impact Score: 6.4
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: true

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe Version  Part         Vendor            Product                      Version  Update  Edition                   Language  SW Edition  Target SW  Target HW  Other
    2.3          Application  Bea               Weblogic Server              8.1      *       *                         *         *           *          *          *
    2.3          Application  Bea               Weblogic Server              8.1      *       express                   *         *           *          *          *
    2.3          Application  Bea               Weblogic Server              8.1      *       win32                     *         *           *          *          *
    2.3          Application  Bea               Weblogic Server              8.1      sp1     *                         *         *           *          *          *
    2.3          Application  Bea               Weblogic Server              8.1      sp1     express                   *         *           *          *          *
    2.3          Application  Bea               Weblogic Server              8.1      sp1     win32                     *         *           *          *          *
    2.3          Application  Bea               Weblogic Server              8.1      sp2     *                         *         *           *          *          *
    2.3          Application  Bea               Weblogic Server              8.1      sp2     express                   *         *           *          *          *
    2.3          Application  Bea               Weblogic Server              8.1      sp2     win32                     *         *           *          *          *
    2.3          Application  Borland Software  J Builder                    *        *       *                         *         *           *          *          *
    2.3          Application  Businessobjects   Crystal Enterprise           9        *       *                         *         *           *          *          *
    2.3          Application  Businessobjects   Crystal Enterprise           10       *       *                         *         *           *          *          *
    2.3          Application  Businessobjects   Crystal Enterprise Java Sdk  8.5      *       *                         *         *           *          *          *
    2.3          Application  Businessobjects   Crystal Enterprise Ras       8.5      *       unix                      *         *           *          *          *
    2.3          Application  Businessobjects   Crystal Reports              9        *       *                         *         *           *          *          *
    2.3          Application  Businessobjects   Crystal Reports              10       *       *                         *         *           *          *          *
    2.3          Application  Microsoft         Business Solutions Crm       1.2      *       *                         *         *           *          *          *
    2.3          Application  Microsoft         Outlook                      2003     *       business_contact_manager  *         *           *          *          *
    2.3          Application  Microsoft         Visual Studio .net           2003     gold    *                         *         *           *          *          *
    (The Version Start Including, Version End Including, Version Start Excluding and Version End Excluding columns are empty for every entry.)

Vulnerable Software List

Vendor            Product                      Versions
Microsoft         Outlook                      2003
Microsoft         Visual Studio .net           2003
Microsoft         Business Solutions Crm       1.2
Borland Software  J Builder                    *
Businessobjects   Crystal Reports              10, 9
Businessobjects   Crystal Enterprise           10, 9
Businessobjects   Crystal Enterprise Java Sdk  8.5
Businessobjects   Crystal Enterprise Ras       8.5
Bea               Weblogic Server              8.1

References

  • Name: 20040502 Crystal Reports Vulnerabilities
    URL: http://marc.info/?l=bugtraq&m=108360413811017&w=2
    Tags: BUGTRAQ
  • Name: 20040608 Vulnerability: Arbitrary File Access & DoS in Crystal Reports
    URL: http://marc.info/?l=bugtraq&m=108671836127360&w=2
    Tags: BUGTRAQ
  • Name: 11800
    URL: http://secunia.com/advisories/11800
    Tags: SECUNIA
  • Name: http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp
    URL: http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp
    Tags: CONFIRM
  • Name: 6748
    URL: http://www.osvdb.org/6748
    Tags: OSVDB
  • Name: 10260
    URL: http://www.securityfocus.com/bid/10260
    Tags: BID, Exploit, PATCH, Vendor Advisory
  • Name: MS04-017
    URL: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017
    Tags: MS
  • Name: crystalreports-file-deletion(16044)
    URL: https://exchange.xforce.ibmcloud.com/vulnerabilities/16044
    Tags: XF
  • Name: oval:org.mitre.oval:def:1157
    URL: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157
    Tags: OVAL