vulnerability

Red Hat: CVE-2023-0100: eclipse-birt: RCE on the default configuration of BIRT Viewer

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:L/Au:S/C:C/I:C/A:C)	Mar 15, 2023	Jul 9, 2025	Jul 10, 2025

Severity

CVSS

(AV:N/AC:L/Au:S/C:C/I:C/A:C)

Published

Mar 15, 2023

Added

Jul 9, 2025

Modified

Jul 10, 2025

Description

In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host indicated in the __report parameter matched the HTTP Host header value, the report would be retrieved. However, the Host header can be tampered with on some configurations where no virtual hosts are put in place (e.g. in the default configuration of Apache Tomcat) or when the default host points to the BIRT server. This vulnerability was patched on Eclipse BIRT 4.13.

Solution

no-fix-redhat-rpm-package

References

NVD-CVE-2023-0100

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today