Description
rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by skp · textremotemultiple
https://www.exploit-db.com/exploits/21627
References (3)
Core 3
Core References
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9628.php
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5262
Vendor Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-07/0203.html
Scores
EPSS
0.1478
EPSS Percentile
94.6%
Details
Status
published
Products (3)
oracle/application_server
9.0.2
oracle/reports
6.0.8
oracle/reports
6.0.8.19
Published
Oct 04, 2002
Tracked Since
Feb 18, 2026