Directory Traversal Vulnerability in Oracle Enterprise Manager Grid Control
CVE-2016-0478

Currently unrated

Key Information:

Vendor: Oracle
Status: Application Testing Suite
Vendor: CVE Published:; 21 January 2016

Summary

A vulnerability exists within the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control, which may allow remote attackers to access confidential information through unspecified vectors. This issue is associated with the Load Testing for Web Apps and is suspected to enable directory traversal attacks via the DownloadServlet servlet, allowing unauthorized reading of arbitrary files due to manipulation of the scriptName parameter.

References

http://www.oracle.com/technetwork/topics/security/cpujan2...

x_refsource_CONFIRM

http://www.zerodayinitiative.com/advisories/ZDI-16-036

x_refsource_MISC

http://www.securitytracker.com/id/1034734

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jan 21, 2016
Vulnerability Reserved
Dec 9, 2015