I've run across two potential vulnerabilites with Actuate's e.Reporting software. The application is used to publish reports from a variety of data sources and implements very granular security levels. The first vulnerability seems to reveal Actuate's physical directory structure. The second vulnerability may reveal source code. Unfortunately, I'm doing this as part of a penetration test and don't have direct access to the Actuate server. I believe what I'm looking at is an Actuate e.Reporting server using the Actuate web agent 3.0, running on a Netscape Enterprise Server v4.1. If anyone monitoring the list has access to an Actuate server & web agent and a bit of time to help, please drop me an e-mail. Thanks!
This archive was generated by hypermail 2b30 : Wed May 08 2002 - 09:47:50 PDT