Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2004-0204 | First vendor Publication | 2004-08-06 |
Vendor | Cve | Last vendor Modification | 2018-10-12 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Exploit Score | 10 | Authentication | None Required |
Detail
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0204 |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1157 | |||
Oval ID: | oval:org.mitre.oval:def:1157 | ||
Title: | Crystal Reports Business Objects Directory Traversal | ||
Description: | Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2004-0204 | Version: | 1 |
Platform(s): | Microsoft Windows 2000 | Product(s): | Crystal Enterprise Crystal Reports |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | | 9 |
Application | | 1 |
Application | | 2 |
Application | | 1 |
Application | | 1 |
Application | | 2 |
Application | | 1 |
Application | | 1 |
Application | | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2009-03-15 | Name : Microsoft MS00-058 security check File : nvt/remote-MS00-058.nasl |
2009-03-15 | Name : Microsoft MS04-017 security check File : nvt/remote-MS04-017.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
6749 | Microsoft Crystal Reports Web Viewer crystalimagehandler.aspx Arbitrary File A... Microsoft Crystal Reports Web Viewer contains a flaw that allows a remote attacker to view or delete files outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../). Systems are only vulnerable if they have an IIS server installed. |
6748 | Business Objects Crystal Reports/Enterprise crystalimagehandler.aspx Arbitrar... Crystal Reports and Crystal Enterprise contain a flaw that allows a remote attacker to access or delete files outside of the web path. The issue is due to the crystalimagehandler.aspx script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "dynamicimage" variable. |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | SAP Crystal Reports crystalImageHandler.asp directory traversal attempt RuleID : 2582-community - Revision : 18 - Type : OS-WINDOWS |
2014-01-10 | SAP Crystal Reports crystalImageHandler.asp directory traversal attempt RuleID : 2582 - Revision : 18 - Type : OS-WINDOWS |
2014-01-10 | SAP Crystal Reports crystalimagehandler.aspx access RuleID : 2581-community - Revision : 11 - Type : SERVER-WEBAPP |
2014-01-10 | SAP Crystal Reports crystalimagehandler.aspx access RuleID : 2581 - Revision : 11 - Type : SERVER-WEBAPP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2004-06-11 | Name : The web application running on the remote host has a directory traversal vuln... File : crystal_reports_directory_traversal.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Information |
---|---|
2021-05-04 12:02:17 | |
2021-04-22 01:02:26 | |
2020-05-23 00:15:44 | |
2018-10-13 00:22:28 | |
2017-10-11 09:23:20 | |
2017-07-11 12:01:24 | |
2016-10-18 12:01:18 | |
2016-06-28 15:05:16 | |
2016-04-26 12:47:45 | |
2014-02-17 10:27:17 | |
2014-01-19 21:22:08 | |
2013-09-10 13:21:15 | |
2013-05-11 11:40:24 | |