Reports Server is a commercially available reporting package distributed by Oracle. A stack-based buffer overflow has been reported in one of the Oracle Reports Server CGI programs (rwcgi60). The condition may be triggered by supplying an overly long string as the value for the 'setauth' method. This buffer overflow may allow a user to remotely execute code on a vulnerable system. In doing so, a remote user may be able to gain access to the local system and, potentially, the privileges of the web server.
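As an added detection example (not part of the original advisory and not Oracle code), the script below scans web server access logs for rwcgi60 'setauth' requests whose value is unusually long. The log format (Common Log Format), the request URL layout in the sample lines, the 256-character threshold and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: set this to the longest legitimate setauth value seen at your site.
MAX_SETAUTH_LEN = 256

# Request field of a Common/Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def setauth_value_length(target):
    """Length of whatever follows 'setauth' in a rwcgi60 request target,
    or None when the request is not a rwcgi60 setauth call."""
    decoded = unquote(target)          # undo %xx so encoded names still match
    lowered = decoded.lower()
    cgi = lowered.find("rwcgi60")
    if cgi < 0:
        return None
    pos = lowered.find("setauth", cgi)
    if pos < 0:
        return None
    # Skip the separator between the method name and its value.
    value = decoded[pos + len("setauth"):].lstrip("/?=&")
    return len(value)


def suspicious_requests(lines, limit=MAX_SETAUTH_LEN):
    """Return (line number, client address, value length) for oversized values."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        length = setauth_value_length(match.group("target"))
        if length is not None and length > limit:
            hits.append((number, line.split()[0], length))
    return hits


# Constructed sample log lines (documentation addresses, hypothetical URL layout).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2003:10:00:00 +0000] "GET /cgi-bin/rwcgi60/setauth?report=sales.rdf HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2003:10:00:05 +0000] "GET /index.html HTTP/1.0" 200 1024',
    '198.51.100.7 - - [01/Jan/2003:10:01:00 +0000] "GET /cgi-bin/rwcgi60/setauth?' + "A" * 4000 + ' HTTP/1.0" 500 0',
]

if __name__ == "__main__":
    for number, client, length in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {client} sent a setauth value of {length} characters")
```

Access logs record only the request line, so a value delivered in a request body would not be visible to this check and needs inspection at a proxy or web application firewall instead.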