Description

Oracle Reports, a component of Oracle Fusion Middleware is Oracle's award-winning, high-fidelity enterprise reporting tool. Oracle Reports Services RWServlet showenv is publicly accessible, exposing the contents of the system environment variables.

Environment variables are a set of dynamic named values that can affect the way running processes will behave on a computer. For example, an environment variable with a standard name can designate the location that a particular computer system uses to store temporary files but this may vary from one computer system to another.

Remediation

Restrict access to this endpoint.

References

Environment variable

Related Vulnerabilities

WordPress Plugin Share Drafts Publicly Information Disclosure (1.1.4)

ASP.NET application-level tracing enabled

WordPress full path disclosure

Social Security Number Disclosure

WordPress Plugin Simple Gmail Login Stack Trace Information Disclosure (1.1.3)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure Acumonitor