Oracle Reports Services RWServlet environment variables disclosure

Description
  • Oracle Reports, a component of Oracle Fusion Middleware is Oracle's award-winning, high-fidelity enterprise reporting tool. Oracle Reports Services RWServlet showenv is publicly accessible, exposing the contents of the system environment variables.

    Environment variables are a set of dynamic named values that can affect the way running processes will behave on a computer. For example, an environment variable with a standard name can designate the location that a particular computer system uses to store temporary files but this may vary from one computer system to another.
Remediation
  • Restrict access to this endpoint.
References