CVE-2007-2135 - Vulnerability Details - OpenCVE

The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Oracle	E-business Suite

Configuration 1 [-]

cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/39959
http://securityreason.com/securityalert/2612
http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html
http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html
http://www.securityfocus.com/archive/1/466215/100/0/threaded
http://www.zerodayinitiative.com/advisories/ZDI-07-017.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-04-24T20:00:00

Updated: 2024-08-07T13:23:50.962Z

Reserved: 2007-04-18T00:00:00

Link: CVE-2007-2135

Vulnrichment

No data.

NVD

Status : Modified

Published: 2007-04-24T20:19:00.000

Modified: 2024-11-21T00:29:59.883

Link: CVE-2007-2135

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-04-18T00:00:00", "descriptions": [{"lang": "en", "value": "The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html"}, {"name": "2612", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2612"}, {"name": "20070418 ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/466215/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-017.html"}, {"name": "39959", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/39959"}, {"tags": ["x_refsource_MISC"], "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-2135", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html", "refsource": "MISC", "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html"}, {"name": "2612", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2612"}, {"name": "20070418 ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/466215/100/0/threaded"}, {"name": "http://www.zerodayinitiative.com/advisories/ZDI-07-017.html", "refsource": "MISC", "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-017.html"}, {"name": "39959", "refsource": "OSVDB", "url": "http://osvdb.org/39959"}, {"name": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html", "refsource": "MISC", "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T13:23:50.962Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html"}, {"name": "2612", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/2612"}, {"name": "20070418 ZDI-07-017: Oracle E-Business Suite Arbitrary Document Download Vulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/466215/100/0/threaded"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-017.html"}, {"name": "39959", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/39959"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-2135", "datePublished": "2007-04-24T20:00:00", "dateReserved": "2007-04-18T00:00:00", "dateUpdated": "2024-08-07T13:23:50.962Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CACA4D3-89A2-464F-9957-65B36B893B3B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The ADI_BINARY component in the Oracle E-Business Suite allows remote attackers to download arbitrary documents from the APPS.FND_DOCUMENTS table via the ADI_DISPLAY_REPORT function, when passed a certain parameter. NOTE: due to lack of details from Oracle, it is not clear whether this issue is related to other CVE identifiers such as CVE-2007-2126, CVE-2007-2127, or CVE-2007-2128."}, {"lang": "es", "value": "El componente ADI_BINARY en Oracle E-Business Suite permite a atacantes remotos descargar documentos desde la tabla APPS.FND_DOCUMENTS mediante la funci\u00f3n ADI_DISPLAY_REPORT, al pasar cierto par\u00e1metro. NOTA: debido a la escasez de detalles aportados por Oracle, no est\u00e1 claro si este asunto est\u00e1 relacionado con otros identificadores CVE como CVE-2007-2126, CVE-2007-2127, o CVE-2007-2128."}], "id": "CVE-2007-2135", "lastModified": "2024-11-21T00:29:59.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-04-24T20:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/39959"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2612"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/466215/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-017.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/39959"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/2612"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpuapr2007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.red-database-security.com/advisory/oracle_cpu_apr_2007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/466215/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-017.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}