CVE-2023-0100
Severity: HIGH
Eclipse BIRT 2.6.2-4.13.0 - Server-Side Request Forgery via Report Parameter
Title source: llmDescription
In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed a report to be retrieved from the same host using an absolute HTTP URL in the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host named in the __report parameter matched the value of the HTTP Host header, the report was retrieved. However, the Host header can be tampered with in some configurations where no virtual hosts are set up (e.g. the default configuration of Apache Tomcat) or where the default host points to the BIRT server. This vulnerability was patched in Eclipse BIRT 4.13.
References (1)
Core 1
Core References
Issue Tracking, Vendor Advisory
https://bugs.eclipse.org/bugs/show_bug.cgi?id=580391
Scores
CVSS v3
8.8
EPSS
0.0058
EPSS Percentile
69.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-20
Status
published
Products (2)
eclipse/business_intelligence_and_reporting_tools
2.6.2 - 4.13.0
org.eclipse.birt/org.eclipse.birt.report.viewer
2.6.2 - 4.13 (Maven)
Published
Mar 15, 2023
Tracked Since
Feb 18, 2026