Support

Vulnerability in Crystal Report Application Server could allow Denial of Service

Issued: June 27, 2005
Version: 1.0

Summary

Who Should Read This Document: Customers who are using BusinessObjects Enterprise XI or Crystal Reports Server XI to view reports over the Web.

Impact: Denial of Service

Recommendation: Customers should consider applying the security patch.

Tested Software and Security Update Download Locations:

Software Affected:

Software Not Affected:

Known Exploits: None at time this bulletin was last issued.

Platforms:

General Description

This security update resolves a security vulnerability found in the BusinessObjects Enterprise XI and Crystal Reports Server XI. Technical information relating to the nature of the vulnerability and steps to mitigate the threat are provided in this document.

A malicious user could potentially exploit this vulnerability to create a Denial of Service attack on a system.

Business Objects recommends the security update is installed however a customer may wish to take other steps to ensure their systems are less vulnerable to a possible exploit. Business Objects cannot guarantee that the security update will prevent all possible exploits.

Technical Details

Denial of Service

An attacker could exploit a vulnerability in BusinessObjects Enterprise XI and Crystal Reports Server XI to cause a Denial of Service attack.

Mitigating Factors

Security Update Information

The security updates can be downloaded at the customer support site. The security update will also be provided as part of the Business Objects Hot Fixes. Please visit the critical update page for more information on how to download and install security updates.

Other Useful Security Tips

For more information on how to secure your system please review the best practices guide (PDF - 55KB).

Technical Support

Please contact your regional technical support center if you have any questions regarding the nature of the vulnerability or have any difficulties with the security update.

For more information on contacting Business Objects Technical Support please visit the customer support site.

Acknowledgments

Business Objects thanks the following for working with us to help protect customers:

Software Available on this Web Site

Any software and documentation ("the Software") that is made available to download from this web site is the copyrighted work of Business Objects S.A. and/or its suppliers, and is for demonstration purposes only. It may not be resold or used for any commercial purposes. Unauthorized use may subject you and your company to severe civil and criminal penalties.
THE SOFTWARE IS PROVIDED " AS IS ", WITHOUT WARRANTY OF ANY KIND. BUSINESS OBJECTS S.A. HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS WITH REGARD TO THE SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON INFRINGEMENT. IN NO EVENT SHALL BUSINESS OBJECTS S.A. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFIT ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THE SOFTWARE.

Restricted Rights Legend

Any software which is downloaded from this web site for or on behalf of the United States of America, its agencies and/or instrumentalities ("U.S. Government"), is provided with Restricted Rights. Use, duplication, or disclosure by the US Government is subject to restrictions as set forth in subparagraph (c)(1) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 or subparagraphs (c)(1) and (2) of the Commercial Computer Software-Restricted Rights at 48 CFR 52.227-19, as applicable. Manufacturer is Business Objects S.A., 157-159, rue Anatole France, 92309 Levallois-Perret, France.

Documents, Software, and Services Available on this Web Site

BUSINESS OBJECTS S.A. AND/OR ITS SUPPLIERS MAKE NO REPRESENTATIONS ABOUT THE SUITABILITY OF THE INFORMATION CONTAINED IN THE DOCUMENTS AND RELATED GRAPHICS PUBLISHED ON THIS WEB SITE FOR ANY PURPOSE. ALL SUCH DOCUMENTS AND RELATED GRAPHICS ARE PROVIDED "AS IS ", WITHOUT WARRANTY OF ANY KIND. BUSINESS OBJECTS S.A. AND/OR ITS SUPPLIERS HEREBY DISCLAIM ALL WARRANTIES AND CONDITIONS OF WITH REGARD TO THIS INFORMATION, INCLUDING ALL IMPLIED WARRANTIES AND CONDITIONS OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NON INFRINGEMENT. IN NO EVENT SHALL BUSINESS OBJECTS S.A. BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFIT ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF INFORMATION AVAILABLE ON THIS WEB SITE.
The documents and related graphics published on this web site could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Business Objects S.A. and/or its suppliers may make improvements and/or changes in the products and/or the programs described herein at any time.
Permission to use the documents contained herein, such as press releases, data sheets, white papers, is granted provided that (i) the below copyright notice appears on any and all copies, (ii) that use of such documents is for informational and non commercial or personal purposes only, and no changes to any such document are made. You are not allowed to use or copy the design or layout of this Business Objects S.A. web site, logos, graphics, sounds or images, except as expressly authorized by Business Objects S.A..

Revisions

Smaller textLarger textPrint this page, properly formatted for paper