SID 2581
Msg
"WEB-MISC Crystal Reports crystalimagehandler.aspx access"
Summary
This event is generated when an attempt is made to exploit a directory traversal associated with the Crystal Reports web viewer.
Classtype
web-application-activity
Impact
A successful attack may allow unauthorized files to be viewed or possibly deleted.
Detailed Information
A vulnerability exists in the Crystal Reports web viewer that may permit an attacker to view or delete unauthorized files. The is due to a failure to ensure that that a requested Crystal Report file location is in the web root directory, permitting unauthorized files to be viewed.
In addition, Crystal Reports assumes that the requested report file for viewing is a temporary file and deletes it after the web version has been viewed. This problem combined with the directory traversal vulnerability may allow sensitive or valuable files to be deleted.
Affected Systems
- Crystal Reports 8.5 JAVA SDK
- Crystal Reports RAS 8.5 for UNIX
- Crystal Reports 9.0
- Crystal Enterprise 9.0
- Crystal Reports 10
- Crystal Reports 10.0
Attack Scenarios
An attacker can request to view a file not in the web root directory, permitting unauthorized information disclosure. The viewed file will be deleted subsequently possibly causing harm to the server.
Ease Of Attack
Simple.
False Positives
None known.
False Negatives
None known.
Corrective Action
Upgrade to the latest non-affected version of the software.
Contributors
- Sourcefire Vulnerability Research Team
- Judy Novak
