CVE-2004-0204

BEA Weblogic Server - Path Traversal

Title source: rule

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0204. PoCs published by Imperva Application Defense Center.

AI-analyzed exploit summary: The provided text describes a directory traversal vulnerability in Crystal Reports and Crystal Enterprise Web Form Viewer, allowing attackers to retrieve or delete files via crafted requests. It includes an example URL demonstrating the exploit but lacks executable code.

Description

Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Imperva Application Defense Center · text · remote · windows
https://www.exploit-db.com/exploits/24077

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Theoretical
Target: Crystal Reports, Crystal Enterprise Web Form Viewer, Microsoft Visual Studio .NET 2003, Outlook 2003 with Business Contact Manager, Business Solutions CRM 1.2
Authentication: No auth needed
Prerequisites: Network access to the vulnerable application
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10260
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/6748
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108360413811017&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11800
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108671836127360&w=2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16044
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157

Scores

EPSS 0.7299
EPSS Percentile 99.4%

Details

Status published
Products (11)
bea/weblogic_server 8.1 (9 CPE variants)
borland_software/j_builder
businessobjects/crystal_enterprise 9
businessobjects/crystal_enterprise 10
businessobjects/crystal_enterprise_java_sdk 8.5
businessobjects/crystal_enterprise_ras 8.5
businessobjects/crystal_reports 9
businessobjects/crystal_reports 10
microsoft/business_solutions_crm 1.2
microsoft/outlook 2003
... and 1 more
Published Aug 06, 2004
Tracked Since Feb 18, 2026