Oracle Reports Server 6.0.8/9.0.2 - Information Disclosure

EDB-ID:

21627


Author:

skp

Type:

remote


Platform:

Multiple

Date:

2002-07-18


source: https://www.securityfocus.com/bid/5262/info

A problem with Reports Server could make it possible to gain sensitive information from the server.

Under some circumstances, Reports Server may yield sensitive information to unauthenticated remote users. This information may include the system path, software installed on the vulnerable system, and other information that may be used as points of entry.

http://some.site.com/cgi-bin/rwcgi60
http://some.site.com/cgi-bin/rwcgi60/showenv