Description

Oracle Reports, a component of Oracle Fusion Middleware is Oracle's award-winning, high-fidelity enterprise reporting tool. Oracle Reports Services RWServlet showenv is publicly accessible, exposing the contents of the system environment variables.

Environment variables are a set of dynamic named values that can affect the way running processes will behave on a computer. For example, an environment variable with a standard name can designate the location that a particular computer system uses to store temporary files but this may vary from one computer system to another.

Remediation

Restrict access to this endpoint.

References

Environment variable

Related Vulnerabilities

WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.22)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-4875)

phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5730)

WordPress Plugin Backup Migration Information Disclosure (1.2.8)

SAP Management Console list logfiles

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Acumonitor