
Test ID: 1.3.6.1.4.1.25623.1.0.12271
Category: CGI abuses
Title: Crystal Report virtual directory traversal
Summary: NOSUMMARY
Description:

The remote host is running a version of Crystal Report Web interface
which is vulnerable to a remote directory traversal bug. An attacker
exploiting this bug would be able to gain access to potentially
confidential material outside of the web root. For more
information, see:

http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp

If you use Crystal Reports through a Microsoft product, see also:

http://www.microsoft.com/technet/security/bulletin/MS04-017.mspx


Solution: Upgrade the software or utilize ACLs on the virtual directory
Risk factor: High

Cross-Ref: BugTraq ID: 10260
Common Vulnerability Exposure (CVE) ID: CVE-2004-0204
http://www.securityfocus.com/bid/10260
Bugtraq: 20040502 Crystal Reports Vulnerabilities
http://marc.info/?l=bugtraq&m=108360413811017&w=2
Bugtraq: 20040608 Vulnerability: Arbitrary File Access & DoS in Crystal Reports
http://marc.info/?l=bugtraq&m=108671836127360&w=2
Microsoft Security Bulletin: MS04-017
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-017
http://www.osvdb.org/6748
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1157
http://secunia.com/advisories/11800
XForce ISS Database: crystalreports-file-deletion(16044)
https://exchange.xforce.ibmcloud.com/vulnerabilities/16044
Copyright: This script is Copyright (C) 2004 Tenable Network Security

© 1998-2025 E-Soft Inc. All rights reserved.