Arbitrary File Upload Vulnerability in Oracle Application Testing Suite
CVE-2016-0491

Currently unrated

Key Information:

Vendor

Oracle
Status
Application Testing Suite
Vendor
CVE Published:
21 January 2016

What is CVE-2016-0491?

An unspecified vulnerability exists within the Oracle Application Testing Suite component of Oracle Enterprise Manager Grid Control. This flaw enables remote attackers to potentially manipulate the integrity and availability of applications via unknown vectors tied to load testing for web applications. Notably, there are claims that an exploit linked to the UploadFileAction servlet might allow authenticated users to upload arbitrary files through a manipulation of the fileType parameter, presenting a significant security risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/81169
vdb-entryx_refsource_BID
https://www.exploit-db.com/exploits/39852/
exploitx_refsource_EXPLOIT-DB
http://www.oracle.com/technetwork/topics/security/cpujan2...
x_refsource_CONFIRM

EPSS Score

88% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.