Oracle Application Server 10G EmChartBeam Remote Directory Traversal Vulnerability

Bugtraq ID:	22027
Class:	Access Validation Error
CVE:	CVE-2007-0222
Remote:	Yes
Local:	No
Published:	Jan 16 2007 12:00AM
Updated:	Jan 18 2007 06:40PM
Credit:	Oliver Karow of Symantec is credited with the discovery of this vulnerability.
Vulnerable:	Oracle Oracle10g Application Server 10.1.3 .0.0
Not Vulnerable:

Oracle Application Server 10G EmChartBeam Remote Directory Traversal Vulnerability

An attacker can exploit this issue via a web client.

Oracle Application Server 10G EmChartBeam Remote Directory Traversal Vulnerability

Solution:
This issue has been addressed in Oracle Critical Patch Update - January 2007. Please contact the vendor for information on how to obtain and apply the patch.

Oracle Application Server 10G EmChartBeam Remote Directory Traversal Vulnerability

References:

• Oracle Application Server Home Page (Oracle)
  
• SYMSA-2007-001: Oracle Application Server 10g - Directory Traversal (Symantec Vulnerability Research)
  
• Oracle Critical Patch Update - January 2007 (Oracle)