Vulnerability Development mailing list archives
Actuate e.Reporting possible vulnerabilities
From: Information Security <InformationSecurity () federatedinv com>
Date: Wed, 8 May 2002 10:37:19 -0400
I've run across two potential vulnerabilites with Actuate's e.Reporting software. The application is used to publish reports from a variety of data sources and implements very granular security levels. The first vulnerability seems to reveal Actuate's physical directory structure. The second vulnerability may reveal source code. Unfortunately, I'm doing this as part of a penetration test and don't have direct access to the Actuate server. I believe what I'm looking at is an Actuate e.Reporting server using the Actuate web agent 3.0, running on a Netscape Enterprise Server v4.1. If anyone monitoring the list has access to an Actuate server & web agent and a bit of time to help, please drop me an e-mail. Thanks!
Current thread:
- Actuate e.Reporting possible vulnerabilities Information Security (May 08)