Remote File Upload Vulnerability in Oracle Enterprise Manager
CVE-2016-0490

Currently unrated

Key Information:

Vendor: Oracle
Status: Application Testing Suite
Vendor: CVE Published:; 21 January 2016

Summary

An unspecified vulnerability exists in the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control. This flaw may allow remote attackers to compromise the integrity and confidentiality of the system through unknown vectors related to Test Manager for Web Apps. There are suggestions that this may be a directory traversal vulnerability in the UploadServlet, potentially enabling attackers to upload and execute arbitrary files by manipulating the filename header.

References

http://www.oracle.com/technetwork/topics/security/cpujan2...

x_refsource_CONFIRM

http://www.securitytracker.com/id/1034734

vdb-entryx_refsource_SECTRACK

http://www.zerodayinitiative.com/advisories/ZDI-16-039

x_refsource_MISC

EPSS Score

6% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Jan 21, 2016
Vulnerability Reserved
Dec 9, 2015