Directory Traversal Vulnerability in Oracle Application Testing Suite
CVE-2016-0477

Currently unrated

Key Information:

Vendor: Oracle
Status: Application Testing Suite
Vendor: CVE Published:; 21 January 2016

Summary

An unspecified vulnerability in Oracle Application Testing Suite, part of Oracle Enterprise Manager Grid Control versions 12.4.0.2 and 12.5.0.2, allows remote attackers to potentially compromise data confidentiality. This flaw is linked to Load Testing for Web Apps and may be exploited through directory traversal sequences in the DownloadServlet servlet. Attackers could use this vulnerability to gain unauthorized access to sensitive files located within the repository, workspace, or scenario parameters.

References

http://www.oracle.com/technetwork/topics/security/cpujan2...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/81153

vdb-entryx_refsource_BID

http://www.zerodayinitiative.com/advisories/ZDI-16-041

x_refsource_MISC

Timeline

Vulnerability published
Jan 21, 2016
Vulnerability Reserved
Dec 9, 2015