CVE-2004-0204
First published: Fri Jun 11 2004(Updated: )
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =8.1 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp1 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Oracle WebLogic Server | =8.1-sp2 | |
| Borland JBuilder | ||
| SAP BusinessObjects Crystal Enterprise | =9 | |
| SAP BusinessObjects Crystal Enterprise | =10 | |
| SAP BusinessObjects Crystal Enterprise | =8.5 | |
| SAP BusinessObjects Crystal Enterprise | =8.5 | |
| SAP Crystal Reports | =9 | |
| SAP Crystal Reports | =10 | |
| Microsoft Business Solutions CRM | =1.2 | |
| Microsoft Outlook | =2003 | |
| Microsoft Visual Studio | =2003-gold |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/10260
- http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp
- http://secunia.com/advisories/11800
- http://www.osvdb.org/6748
- http://marc.info/?l=bugtraq&m=108360413811017&w=2
- http://marc.info/?l=bugtraq&m=108671836127360&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16044
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017
Frequently Asked Questions
What is the severity of CVE-2004-0204?
CVE-2004-0204 is rated as a critical severity vulnerability due to its potential for remote exploitation.
How do I fix CVE-2004-0204?
To fix CVE-2004-0204, update to the latest patched version of the affected software from the vendor.
What products are affected by CVE-2004-0204?
CVE-2004-0204 affects Business Objects Crystal Reports versions 9 and 10, Crystal Enterprise versions 9 and 10, and other related applications.
What type of vulnerability is CVE-2004-0204?
CVE-2004-0204 is a directory traversal vulnerability that allows remote attackers to access restricted files.
Can CVE-2004-0204 be exploited by an unauthenticated user?
Yes, CVE-2004-0204 can be exploited by unauthenticated remote attackers to gain unauthorized access to sensitive files.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/author
- agent/remedy
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/bea
- canonical/oracle weblogic server
- version/oracle weblogic server/8.1
- version/oracle weblogic server/8.1-sp1
- version/oracle weblogic server/8.1-sp2
- vendor/borland software
- canonical/borland jbuilder
- vendor/businessobjects
- canonical/sap businessobjects crystal enterprise
- version/sap businessobjects crystal enterprise/9
- version/sap businessobjects crystal enterprise/10
- version/sap businessobjects crystal enterprise/8.5
- canonical/sap crystal reports
- version/sap crystal reports/9
- version/sap crystal reports/10
- vendor/microsoft
- canonical/microsoft business solutions crm
- version/microsoft business solutions crm/1.2
- canonical/microsoft outlook
- version/microsoft outlook/2003
- canonical/microsoft visual studio
- version/microsoft visual studio/2003-gold