Test ID:	1.3.6.1.4.1.25623.1.0.101004
Category:	Windows : Microsoft Bulletins
Title:	Microsoft IIS Directory Traversal Vulnerability (MS04-017) - Active Check
Summary:	A directory traversal vulnerability exists in Crystal Reports; and Crystal Enterprise from Business Objects that runs on Microsoft IIS which could allow; information disclosure and denial of service attacks on an affected system.
Description:	Summary: A directory traversal vulnerability exists in Crystal Reports and Crystal Enterprise from Business Objects that runs on Microsoft IIS which could allow information disclosure and denial of service attacks on an affected system. Vulnerability Impact: An attacker who successfully exploited the vulnerability could retrieve and delete files through the Crystal Reports and Crystal Enterprise Web interface on an affected system. Solution: Microsoft has released a patch to fix this issue. Please see the references for more information. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0204 BugTraq ID: 10260 http://www.securityfocus.com/bid/10260 Bugtraq: 20040502 Crystal Reports Vulnerabilities (Google Search) http://marc.info/?l=bugtraq&m=108360413811017&w=2 Bugtraq: 20040608 Vulnerability: Arbitrary File Access & DoS in Crystal Reports (Google Search) http://marc.info/?l=bugtraq&m=108671836127360&w=2 Microsoft Security Bulletin: MS04-017 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017 http://www.osvdb.org/6748 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157 http://secunia.com/advisories/11800 XForce ISS Database: crystalreports-file-deletion(16044) https://exchange.xforce.ibmcloud.com/vulnerabilities/16044
Copyright	Copyright (C) 2009 Christian Eric Edjenguele

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.