Rule:--Sid:2581--Summary:This event is generated when an attempt is made to exploit a directory traversal associated with the Crystal Reports web viewer.--Impact:A successful attack may allow unauthorized files to be viewed or possibly deleted.--Detailed Information:A vulnerability exists in the Crystal Reports web viewer that may permit an attacker to view or delete unauthorized files.  The is due to a failure to ensure that that a requested Crystal Report file location is in the web root directory, permitting unauthorized files to be viewed.In addition, Crystal Reports assumes that the requested report file for viewing is a temporary file and deletes it after the web version has been viewed.  This problem combined with the directory traversal vulnerability may allow sensitive or valuable files to be deleted.--Affected Systems:Crystal Reports 8.5 JAVA SDKCrystal Reports RAS 8.5 for UNIXCrystal Reports 9.0Crystal Enterprise 9.0Crystal Reports 10Crystal Reports 10.0--Attack Scenarios:An attacker can request to view a file not in the web root directory, permitting unauthorized information disclosure. The viewed file will be deleted subsequently possibly causing harm to the server.--Ease of Attack:Simple.--False Positives:None known.--False Negatives:None known.--Corrective Action:Upgrade to the latest non-affected version of the software.--Contributors:Sourcefire Vulnerability Research TeamJudy Novak <judy.novak@sourcefire.com>--Additional ReferencesCVE:http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0204--