CVE-2007-0222

Directory traversal vulnerability in the EmChartBean server side component for Oracle Application Server 10g allows remote attackers to read arbitrary files via unknown vectors, probably ".." sequences in the beanId parameter. NOTE: this is likely a duplicate of another CVE that Oracle addressed in CPU Jan 2007, but due to lack of details by Oracle, it is unclear which BugID this issue is associated with, so the other CVE cannot be determined. Possibilities include EM02 (CVE-2007-0292) or EM05 (CVE-2007-0293).

Published: Jan 17, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-0222
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / application_server	10.1.3	10.1.3.x

http://secunia.com/advisories/23794
http://securitytracker.com/id?1017522
http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html
http://www.securityfocus.com/archive/1/457105/100/0/threaded
http://www.securityfocus.com/archive/1/458657/100/0/threaded
http://www.securityfocus.com/bid/22027
http://www.securityfocus.com/bid/22083

Vulnerability Database

289,697

CVE-2007-0222