CVE-2004-0204

BEA Weblogic Server - Path Traversal

Title source: rule

Description

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Imperva Application Defense Center · textremotewindows

https://www.exploit-db.com/exploits/24077

View Code ZIP pw:eip

References (9)

[Mailing List] http://marc.info/?l=bugtraq&m=108360413811017&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=108671836127360&w=2

[Various Sources] http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/10260

[Vendor Advisory] https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/16044

[Third Party Advisory, VDB Entry] http://www.osvdb.org/6748

[Third Party Advisory, VDB Entry] https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157

[Third Party Advisory] http://secunia.com/advisories/11800

Scores

EPSS 0.7537

EPSS Percentile 98.9%

Details

Status published

Products (11)

bea/weblogic_server 8.1 (9 CPE variants)

borland_software/j_builder

businessobjects/crystal_enterprise 9

businessobjects/crystal_enterprise 10

businessobjects/crystal_enterprise_java_sdk 8.5

businessobjects/crystal_enterprise_ras 8.5

businessobjects/crystal_reports 9

businessobjects/crystal_reports 10

microsoft/business_solutions_crm 1.2

microsoft/outlook 2003

... and 1 more

Published Aug 06, 2004

Tracked Since Feb 18, 2026