8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-0100

GHSA ID

GHSA-4grc-q4fj-45p8

EPSS Score

0.55811%

CWE

CWE-20

Published

3/15/2023

Updated

3/22/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-0100

CVE-2023-0100: Improper Input Validation In Eclipse BIRT

In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed to retrieve a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host indicated in the __report parameter matched the HTTP Host header value, the report would be retrieved. However, the Host header can be tampered with on some configurations where no virtual hosts are put in place (e.g. in the default configuration of Apache Tomcat) or when the default host points to the BIRT server. This vulnerability was patched on Eclipse BIRT 4.13.

(GitHub Advisory)

8.8

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-0100

GHSA ID

GHSA-4grc-q4fj-45p8

EPSS Score

0.55811%

CWE

CWE-20

Published

3/15/2023

Updated

3/22/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.eclipse.birt:org.eclipse.birt.report.viewer	maven	>= 2.6.2, < 4.13	4.13

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stemmed from improper host validation when processing the __report parameter. The patch in PR #1165 modified how the server's hostname is determined (switching from Host header to server configuration). The ReportServiceServlet.processRequest is the logical entry point for report handling, where this validation would occur. The high confidence comes from the direct correlation between the vulnerability description, the fix's nature (hardening host validation), and the typical structure of BIRT's request handling flow.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

In **lips* *IRT, st*rtin* *rom v*rsion *.*.*, t** ****ult *on*i*ur*tion *llow** to r*tri*v* * r*port *rom t** s*m* *ost usin* *n **solut* *TTP p*t* *or t** r*port p*r*m*t*r (*.*. __r*port=*ttp://xyz.*om/r*port.rpt**si*n). I* t** *ost in*i**t** in t**

Reasoning

T** vuln*r**ility st*mm** *rom improp*r *ost v*li**tion w**n pro**ssin* t** __r*port p*r*m*t*r. T** p*t** in PR #**** mo*i*i** *ow t** s*rv*r's *ostn*m* is **t*rmin** (swit**in* *rom *ost *****r to s*rv*r *on*i*ur*tion). T** `R*portS*rvi**S*rvl*t.pro

8.8

Basic Information

Concerned about an active attack path?

CVE-2023-0100: Improper Input Validation In Eclipse BIRT

8.8

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI