Business Objects Crystal Reports Web Form Viewer Directory Traversal Vulnerability

Vulnerability Details

Vulnerability Summary

Crystal Reports and Crystal Enterprise are reporting and data-presentation products from Business Objects.
The module that serves image files in Crystal Reports and Crystal Enterprise has a flaw that lets a remote attacker read (and delete) arbitrary files on the server, or cause a denial of service.
1. Arbitrary file access and deletion
The web report engine serves report images through the crystalimagehandler.aspx module. The module takes a dynamicimage parameter that names a temporary image file generated for the report; the file is sent to the client and then, by default, deleted from disk. A normal request looks like:
http://foo.bar/crystalreportviewers/crystalimagehandler.aspx?dynamicimage=2a7173aa-a2e4-4f96-b9e1-11332c696bbd.png
Because the user-supplied value is not adequately filtered, an attacker can submit a dynamicimage value containing multiple "../" sequences to escape the web root and read the contents of any file the web server process can access. Since the handler deletes whatever file it has just served, the traversed file is removed from disk as well.
2. Disk exhaustion
The Crystal Reports web viewer relies on the image handler to deliver each generated image and then clean it up from disk. If an attacker repeatedly requests the report viewer without ever fetching the associated images (for example, from a Perl script), the report engine keeps writing images into the image folder and never removes them, consuming large amounts of disk space and causing a denial of service.
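The following Python model reconstructs the serve-then-delete lookup that the two items above describe, with the hardened variant beside the unpatched one and a sweep for images that were generated but never fetched. It is an added example and not Business Objects' code: the directory layout (an image folder under crystalreportviewers with web.config two levels up), the file contents and the traversal payloads are all constructed for the demo.

```python
"""Model of crystalimagehandler.aspx's serve-then-delete lookup as the advisory
describes it, plus a hardened resolver and an orphan sweep. Added example, not
vendor code; paths, file contents and payloads are constructed for the demo."""
import os
import re
import tempfile
import time
import uuid
from urllib.parse import unquote

# The engine only ever generates names of the form <GUID>.png, so that is the allow-list.
GUID_PNG = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\.png$", re.I)


def serve_and_delete_vulnerable(image_dir, dynamicimage):
    """Unpatched behaviour: the decoded parameter is joined onto the image folder,
    the file is read and then unlinked. '../' walks out of image_dir, so one
    traversal request both discloses and deletes the target file."""
    path = os.path.join(image_dir, unquote(dynamicimage))
    with open(path, "rb") as f:
        data = f.read()
    os.remove(path)
    return data


def resolve_hardened(image_dir, dynamicimage):
    """Allow-list the name, then independently confirm the canonical path is a
    direct child of image_dir. Raises ValueError before any file I/O."""
    name = unquote(dynamicimage)
    if not GUID_PNG.match(name):  # rejects '..', '/', '\\', NUL and anything not GUID.png
        raise ValueError("dynamicimage is not a generated image name")
    base = os.path.realpath(image_dir)
    full = os.path.realpath(os.path.join(base, name))
    if os.path.dirname(full) != base:  # second, independent check on the resolved path
        raise ValueError("path escapes the image directory")
    return full


def serve_and_delete_hardened(image_dir, dynamicimage):
    path = resolve_hardened(image_dir, dynamicimage)
    with open(path, "rb") as f:
        data = f.read()
    os.remove(path)
    return data


def sweep_stale_images(image_dir, max_age_seconds):
    """Images a client never fetches are never deleted by the handler; removing
    generated images older than max_age stops a scripted client filling the disk."""
    cutoff = time.time() - max_age_seconds
    removed = 0
    for entry in os.scandir(image_dir):
        if entry.is_file() and GUID_PNG.match(entry.name) and entry.stat().st_mtime < cutoff:
            os.remove(entry.path)
            removed += 1
    return removed


def demo():
    """Constructed web root: the image folder plus a sensitive file two levels up."""
    root = tempfile.mkdtemp()
    image_dir = os.path.join(root, "crystalreportviewers", "dynamicimages")
    os.makedirs(image_dir)
    secret = os.path.join(root, "web.config")
    secret_body = b"<connectionStrings>constructed secret</connectionStrings>"
    with open(secret, "wb") as f:
        f.write(secret_body)
    r = {}

    # Unpatched: a URL-encoded traversal reads web.config and then deletes it.
    r["vulnerable_leaked"] = serve_and_delete_vulnerable(image_dir, "..%2F..%2Fweb.config") == secret_body
    r["vulnerable_deleted_target"] = not os.path.exists(secret)

    # Hardened: same layout, every traversal variant is rejected before any I/O.
    with open(secret, "wb") as f:
        f.write(secret_body)
    payloads = ["../../web.config", "..%2F..%2Fweb.config", "..\\..\\web.config",
                "2a7173aa-a2e4-4f96-b9e1-11332c696bbd.png/../../web.config",
                "2a7173aa-a2e4-4f96-b9e1-11332c696bbd.png%00../../web.config"]
    blocked = 0
    for p in payloads:
        try:
            serve_and_delete_hardened(image_dir, p)
        except ValueError:
            blocked += 1
    r["hardened_blocked"] = blocked
    r["hardened_target_intact"] = os.path.exists(secret)

    # A genuine generated image is still served once and then removed.
    legit = os.path.join(image_dir, "2a7173aa-a2e4-4f96-b9e1-11332c696bbd.png")
    with open(legit, "wb") as f:
        f.write(b"\x89PNG")
    served = serve_and_delete_hardened(image_dir, "2a7173aa-a2e4-4f96-b9e1-11332c696bbd.png")
    r["legitimate_served_and_removed"] = served == b"\x89PNG" and not os.path.exists(legit)

    # Disk-exhaustion case: three never-fetched images aged past the cutoff, one fresh.
    old = time.time() - 3600
    for _ in range(3):
        p = os.path.join(image_dir, f"{uuid.uuid4()}.png")
        open(p, "wb").close()
        os.utime(p, (old, old))
    fresh = os.path.join(image_dir, f"{uuid.uuid4()}.png")
    open(fresh, "wb").close()
    r["stale_removed"] = sweep_stale_images(image_dir, 300)
    r["fresh_kept"] = os.path.exists(fresh)
    return r


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The hardened resolver deliberately uses two independent checks: the allow-list regex rejects every traversal spelling (plain, URL-encoded, backslash, NUL-suffixed) before the name touches the filesystem, and the realpath containment check catches anything the regex might one day miss, including symlinks placed in the image folder. The sweep's cutoff (300 seconds here) is an assumed value; it only needs to exceed the time a browser takes to fetch an image after the report page renders.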
Microsoft Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, and Microsoft Business Solutions CRM 1.2, which ship Crystal Reports components, are also affected.
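For detection, the two behaviours leave distinct traces in web-server logs: a dynamicimage value that is not a bare GUID.png, and a client that hammers the report viewer without ever fetching an image. The following Python is an added example, not from the advisory or either vendor. It runs over constructed log lines in W3C extended format (date, time, c-ip, cs-method, cs-uri-stem, cs-uri-query, sc-status); the report page path /reports/sales.aspx, the client addresses and the burst threshold are assumptions for the demo.

```python
"""Log detection for the two Crystal Reports issues described above.
Added example; the log lines, the viewer page path and the threshold are constructed."""
import re
from collections import defaultdict
from urllib.parse import parse_qs, unquote

GUID_PNG = re.compile(
    r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\.png$", re.I)
IMAGE_HANDLER = "/crystalreportviewers/crystalimagehandler.aspx"
VIEWER_PAGES = {"/reports/sales.aspx"}  # assumed: the pages that render reports on this site
VIEWER_BURST = 20                       # assumed: viewer hits with no image fetch before alerting

# Constructed W3C extended log: one normal client, one traversal attempt, one orphaning burst.
SAMPLE_LOG = """\
2004-06-08 10:00:01 10.0.0.5 GET /reports/sales.aspx - 200
2004-06-08 10:00:02 10.0.0.5 GET /crystalreportviewers/crystalimagehandler.aspx dynamicimage=2a7173aa-a2e4-4f96-b9e1-11332c696bbd.png 200
2004-06-08 10:01:10 198.51.100.7 GET /crystalreportviewers/crystalimagehandler.aspx dynamicimage=../../../../boot.ini 200
2004-06-08 10:01:11 198.51.100.7 GET /crystalreportviewers/crystalimagehandler.aspx dynamicimage=..%2F..%2F..%2F..%2Fwinnt%2Fwin.ini 200
2004-06-08 10:01:12 198.51.100.7 GET /crystalreportviewers/crystalimagehandler.aspx dynamicimage=%2e%2e%5c%2e%2e%5cweb.config 404
""" + "".join(f"2004-06-08 10:02:{i:02d} 203.0.113.9 GET /reports/sales.aspx - 200\n" for i in range(25))


def parse_line(line):
    """Split one W3C extended record into its seven fields ('-' means empty query)."""
    date, clock, ip, method, stem, query, status = line.split()
    return {"time": f"{date} {clock}", "ip": ip, "method": method,
            "stem": stem.lower(), "query": "" if query == "-" else query, "status": int(status)}


def detect(log_text):
    """Return findings: every image-handler request whose dynamicimage is not a
    generated GUID.png name (flagged whatever the status code, since a 404 is still
    an attempt), and every client whose viewer hits reach VIEWER_BURST with no
    image fetch at all, which is the signature of the disk-exhaustion script."""
    findings = []
    viewer_hits = defaultdict(int)
    image_hits = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec["stem"] == IMAGE_HANDLER:
            image_hits[rec["ip"]] += 1
            raw = parse_qs(rec["query"]).get("dynamicimage", [""])[0]
            name = unquote(raw)  # parse_qs decoded once; a second pass catches double encoding
            if not GUID_PNG.match(name):
                findings.append({"type": "traversal", "ip": rec["ip"], "time": rec["time"],
                                 "value": name, "status": rec["status"]})
        elif rec["stem"] in VIEWER_PAGES:
            viewer_hits[rec["ip"]] += 1
    for ip, n in viewer_hits.items():
        if n >= VIEWER_BURST and image_hits[ip] == 0:
            findings.append({"type": "image-orphaning", "ip": ip, "viewer_hits": n})
    return findings


if __name__ == "__main__":
    for finding in detect(SAMPLE_LOG):
        print(finding)
```

The allow-list test is the same one a patched handler should apply, so the rule has no traversal signature to maintain: any value that is not exactly a GUID.png is worth a look. The orphaning heuristic needs a sliding window in production rather than a whole-file count, and the threshold should be tuned to the number of images a legitimate report page emits.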

Vulnerability Advisory

Vendor patches:
Business Objects
—————-
The vendors have released updates to fix this security issue; download them from the vendor sites listed below:

BEA Systems WebLogic Server 8.1, 8.1 SP 1 and 8.1 SP 2:

Business Objects Upgrade bea81_critical_update_win.zip (Windows)
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_win.zip

Business Objects Upgrade bea81_critical_update_unix.tar.gz (Solaris, Linux)
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/bea81_critical_update_unix.tar.gz

Borland JBuilder:

Business Objects Upgrade cr10jbuilder_critical_update_win.zip (Windows)
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/cr10jbuilder_critical_update_win.zip

Business Objects Upgrade crjbuilder10critical_update_sol.tar.gz (Solaris)
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/crjbuilder10critical_update_sol.tar.gz

Business Objects Upgrade crjbuilder10critical_update_lnx.tar.gz (Linux)
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/crjbuilder10critical_update_lnx.tar.gz

Business Objects Crystal Enterprise Java SDK 8.5:

Business Objects Upgrade v85_critical_update_win.zip (Windows)
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v85_critical_update_win.zip

Business Objects Upgrade ce85critical_update_jcesol.tar.gz (Solaris)
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critical_update_jcesol.tar.gz

Business Objects Upgrade ce85critical_update_jceaix.tar.gz (AIX)
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critical_update_jceaix.tar.gz

Business Objects Crystal Enterprise RAS for UNIX 8.5:

Business Objects Upgrade ras85critical_update_sol.tar.gz (Solaris)
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ras85critical_update_sol.tar.gz

Business Objects Crystal Reports 9.0 and Crystal Enterprise 9.0:

Business Objects Upgrade v9_critical_update_win.zip (Windows)
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v9_critical_update_win.zip

Business Objects Crystal Enterprise 10.0:

Business Objects Upgrade v10_critical_update_win.zip (Windows)
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v10_critical_update_win.zip

Business Objects Upgrade ce10critical_update_sol.tar.gz (Solaris)
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critical_update_sol.tar.gz

Business Objects Upgrade ce10critical_update_aix.tar.gz (AIX)
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critical_update_aix.tar.gz

Business Objects Crystal Reports 10.0:

Business Objects Upgrade v10_critical_update_win.zip (Windows)
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v10_critical_update_win.zip

Microsoft Visual Studio .NET 2003:

Microsoft Upgrade Visual Studio .NET 2003 Crystal Reports Security Update
http://www.microsoft.com/downloads/details.aspx?FamilyId=659CA40E-808D-431D-A7D3-33BC3ACE922D&displaylang=en

Microsoft Outlook 2003 with Business Contact Manager:

Microsoft Upgrade Business Contact Manager for Outlook 2003 Security Update: KB842496
http://www.microsoft.com/downloads/details.aspx?FamilyId=9016B9F3-BA86-4A95-9D89-E120EF2E85E3&displaylang=en

Microsoft Business Solutions CRM 1.2:

Business Objects Upgrade mscrm12_critical_update_win.zip
ftp://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/mscrm12_critical_update_win.zip

References

Source: BID
Name: 10260
Link: http://www.securityfocus.com/bid/10260

Source: XF
Name: crystalreports-file-deletion(16044)
Link: http://xforce.iss.net/xforce/xfdb/16044

Source: MS
Name: MS04-017
Link: http://www.microsoft.com/technet/security/bulletin/ms04-017.asp

Source: support.businessobjects.com
Link: http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp

Source: OSVDB
Name: 6748
Link: http://www.osvdb.org/6748

Source: SECUNIA
Name: 11800
Link: http://secunia.com/advisories/11800

Source: BUGTRAQ
Name: 20040608 Vulnerability: Arbitrary File Access & DoS in Crystal Reports
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108671836127360&w=2

Source: BUGTRAQ
Name: 20040502 Crystal Reports Vulnerabilities
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108360413811017&w=2

Source: US Government Resource: oval:org.mitre.oval:def:1157
Name: oval:org.mitre.oval:def:1157
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1157
