Directory Traversal Vulnerability in Oracle Application Testing Suite
CVE-2016-0476

Currently unrated

Key Information:

Vendor: Oracle
Status: Enterprise Manager Grid Control
Vendor: CVE Published:; 21 January 2016

Summary

An unspecified vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control may allow remote attackers to access confidential information through directory traversal techniques. This issue primarily affects the Load Testing for Web Apps feature, posing a risk of unauthorized file access by manipulating the reportName parameter. This vulnerability is distinct from other related issues documented in the January 2016 Critical Patch Update.

References

http://www.oracle.com/technetwork/topics/security/cpujan2...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/81199

vdb-entryx_refsource_BID

http://www.securitytracker.com/id/1034734

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jan 21, 2016
Vulnerability Reserved
Dec 9, 2015