First published: Wed Mar 15 2023
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed a report to be retrieved from the same host by passing an absolute HTTP URL in the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host named in the __report parameter matched the value of the HTTP Host header, the report was fetched. However, the Host header can be tampered with in configurations where no virtual hosts are defined (e.g. the default configuration of Apache Tomcat) or where the default host points to the BIRT server, so the check could be satisfied for an arbitrary host. This vulnerability was patched in Eclipse BIRT 4.13.
Credit: emo@eclipse.org
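The flaw described above is a validation that trusts a request-controlled value (the Host header) as the reference for an allowlist decision. The following added example is illustrative code, not BIRT's own implementation or its actual fix: it places the weak check beside a hardened variant that compares the URL's host against a server-side allowlist instead. The allowlist `TRUSTED_HOSTS`, the hostnames and the function names are constructed for the example.

```python
from urllib.parse import urlparse

# Constructed allowlist of hostnames this deployment actually serves.
# Assumption: a real deployment loads this from configuration, never from the request.
TRUSTED_HOSTS = {"reports.example.internal"}


def weak_is_allowed(report_param: str, host_header: str) -> bool:
    """Mirrors the flawed logic the advisory describes: an absolute URL in the
    __report parameter is accepted whenever its host equals the request's Host
    header. On a server without virtual hosts the Host header is chosen by the
    client, so the comparison can be made to succeed for any host."""
    parsed = urlparse(report_param)
    if not parsed.scheme:
        # Relative report path: not the case the advisory is about.
        return True
    return parsed.netloc.lower() == host_header.strip().lower()


def hardened_is_allowed(report_param: str, trusted_hosts=TRUSTED_HOSTS) -> bool:
    """Hardened variant (illustrative, not the project's patch): the host in the
    URL is compared against a server-side allowlist, so no header in the request
    can influence which hosts are acceptable. Only http/https are considered."""
    parsed = urlparse(report_param)
    if not parsed.scheme:
        return True
    if parsed.scheme not in ("http", "https"):
        return False
    return parsed.hostname is not None and parsed.hostname.lower() in trusted_hosts


def evaluate_request(report_param: str, host_header: str) -> dict:
    """Return both verdicts for one request so the difference is visible."""
    return {
        "weak": weak_is_allowed(report_param, host_header),
        "hardened": hardened_is_allowed(report_param),
    }


if __name__ == "__main__":
    # Constructed request: a foreign absolute URL with a Host header set to match it.
    spoofed = evaluate_request("http://xyz.com/report.rptdesign", "xyz.com")
    print("spoofed Host header:", spoofed)      # weak accepts, hardened rejects
    legit = evaluate_request(
        "http://reports.example.internal/report.rptdesign", "reports.example.internal"
    )
    print("allowlisted host:", legit)           # both accept
```

The usage note for defenders is in the second function: the reference value for the decision must come from configuration on the server side, and even an allowlisted absolute URL still means the server fetches a remote resource on the client's behalf, so rejecting absolute URLs entirely in favour of relative report paths is the stricter option where the deployment does not need them.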
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Eclipse Business Intelligence And Reporting Tools | >=2.6.2, <4.13.0 | Upgrade to Eclipse BIRT 4.13.0 or later |
The vulnerability ID for this Eclipse BIRT vulnerability is CVE-2023-0100.
The severity of CVE-2023-0100 is high with a severity value of 8.8.
CVE-2023-0100 is a vulnerability in Eclipse BIRT that allows an attacker to make the server retrieve a report from an arbitrary host by supplying an absolute HTTP URL in the __report parameter together with a matching, tampered Host header, which defeats the same-host check.
Eclipse BIRT versions 2.6.2 to 4.13.0 are affected by CVE-2023-0100.
Yes, a fix for CVE-2023-0100 is available. It is recommended to upgrade to a version of Eclipse BIRT beyond 4.13.0.