Business Objects Crystal报告文件企业版跨站脚本漏洞

漏洞信息详情

Business Objects Crystal报告文件企业版跨站脚本漏洞

• CNNVD编号：CNNVD-200412-553
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-2742
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2004-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2007-10-10
  
• 厂        商：
  
  businessobjects
• 漏洞来源：
  Business Objects

Crystal Enterprise 8.5，9和10版本的报告查看器存在跨站脚本（XSS）漏洞。远程攻击者可以借助report(RPT)文件的URL中的脚本注入任意web脚本或HTML。

Fixes for specific platforms are available. Please see the referenced “URL to a RPT file may expose client-side source information with a script tag” knowledge base article for further information.
Business Objects Crystal Enterprise 10.0

• Business Objects ce10critical_update_aix_de.tar.gz Dec 2004Crystal Enterprise 10 for AIX (German)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_aix_de.tar.gz
• Business Objects ce10critical_update_aix_en.tar.gz Dec 2004Crystal Enterprise 10 for AIX (English)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_aix_en.tar.gz
• Business Objects ce10critical_update_aix_fr.tar.gz Dec 2004Crystal Enterprise 10 for AIX (French)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_aix_fr.tar.gz
• Business Objects ce10critical_update_aix_jp.tar.gz Dec 2004Crystal Enterprise 10 for AIX (Japanese)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_aix_jp.tar.gz
• Business Objects ce10critical_update_hp_de.tar.gz Dec 2004Crystal Enterprise 10 for HP-UX (German)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_hp_de.tar.gz
• Business Objects ce10critical_update_hp_en.tar.gz Dec 2004Crystal Enterprise 10 for HP-UX (English)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_hp_en.tar.gz
• Business Objects ce10critical_update_hp_fr.tar.gz Dec 2004Crystal Enterprise 10 for HP-UX (French)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_hp_fr.tar.gz
• Business Objects ce10critical_update_hp_jp.tar.gz Dec 2004Crystal Enterprise 10 for HP-UX (Japanese)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_hp_jp.tar.gz
• Business Objects ce10critical_update_lin_de.tar.gz Dec 2004Crystal Enterprise 10 for Linux (German)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_lin_de.tar.gz
• Business Objects ce10critical_update_lin_en.tar.gz Dec 2004Crystal Enterprise 10 for Linux (English)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_lin_en.tar.gz
• Business Objects ce10critical_update_lin_fr.tar.gz Dec 2004Crystal Enterprise 10 for Linux (French)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_lin_fr.tar.gz
• Business Objects ce10critical_update_lin_jp.tar.gz Dec 2004Crystal Enterprise 10 for Linux (Japanese)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_lin_jp.tar.gz
• Business Objects ce10critical_update_sol_de.tar.gz Dec 2004Crystal Enterprise 10 for Solaris (German)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_sol_de.tar.gz
• Business Objects ce10critical_update_sol_en.tar.gz Dec 2004Crystal Enterprise 10 for Solaris (English)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_sol_en.tar.gz
• Business Objects ce10critical_update_sol_fr.tar.gz Dec 2004Crystal Enterprise 10 for Solaris (French)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_sol_fr.tar.gz
• Business Objects ce10critical_update_sol_jp.tar.gz Dec 2004Crystal Enterprise 10 for Solaris (Japanese)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce10critic
  al_update_sol_jp.tar.gz
• Business Objects v10_critical_update_win.zip Dec 2004Crystal Enterprise 10 for Windows
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/v10_critic
  al_update_win.zip

Business Objects Crystal Enterprise 8.5

• Business Objects ce85critical_update_aix_de.tar.gz Dec 2004Crystal Enterprise 8.5 for AIX (German)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critic
  al_update_aix_de.tar.gz
• Business Objects ce85critical_update_aix_en.tar.gz Dec 2004Crystal Enterprise 8.5 for AIX (English)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critic
  al_update_aix_en.tar.gz
• Business Objects ce85critical_update_aix_fr.tar.gz Dec 2004Crystal Enterprise 8.5 for AIX (French)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critic
  al_update_aix_fr.tar.gz
• Business Objects ce85critical_update_aix_jp.tar.gz Dec 2004Crystal Enterprise 8.5 for AIX (Japanese)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critic
  al_update_aix_jp.tar.gz
• Business Objects ce85critical_update_sol_de.tar.gz Dec 2004Crystal Enterprise 8.5 for Solaris (German)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critic
  al_update_sol_de.tar.gz
• Business Objects ce85critical_update_sol_en.tar.gz Dec 2004Crystal Enterprise 8.5 for Solaris (English)
  
  http://ftp1.businessobjects.com/outgoing/ehf/CriticalUpdate/ce85critic
  al_update_sol_en.tar.gz

来源: BID
名称: 12107
链接:http://www.securityfocus.com/bid/12107

来源: OSVDB
名称: 12596
链接:http://www.osvdb.org/12596

来源: support.businessobjects.com
链接:http://support.businessobjects.com/library/kbase/articles/c2016559.asp

来源: SECUNIA
名称: 13644
链接:http://secunia.com/advisories/13644

来源: XF
名称: crystal-enterprise-report-xss(18684)
链接:http://xforce.iss.net/xforce/xfdb/18684

来源: SECTRACK
名称: 1012703
链接:http://securitytracker.com/id?1012703