CVE-2016-0491 : Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that the UploadFileAction servlet allows remote authenticated users to upload and execute arbitrary files via an * (asterisk) character in the fileType parameter.

Published 2016-01-21 03:00:39

Updated 2016-12-22 14:38:47

Source Oracle

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2016-0491

Probability of exploitation activity in the next 30 days: 95.95%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2016-0491

Oracle ATS Arbitrary File Upload

Disclosure Date: 2016-01-20

First seen: 2020-04-26

exploit/multi/http/oracle_ats_file_upload

This module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell. Authors: - Zhou Yu - wvu <wvu@metasploit.com>

More information

CVSS scores for CVE-2016-0491

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:N/I:P/A:P	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: Partial

References for CVE-2016-0491

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Oracle Critical Patch Update - January 2016
Patch;Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1034734

Oracle Enterprise Manager Grid Control Multiple Flaws Let Remote and Local Users Access Data, Modify Data, and Deny Service - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
https://www.exploit-db.com/exploits/39691/

Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload
Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url
http://packetstormsecurity.com/files/137175/Oracle-ATS-Arbitrary-File-Upload.html

Oracle ATS Arbitrary File Upload ≈ Packet Storm
Exploit

CVEs referencing this url
http://www.securityfocus.com/bid/81169

Oracle Enterprise Manager CVE-2016-0491 Remote Code Execution Vulnerability
Third Party Advisory;VDB Entry
http://www.zerodayinitiative.com/advisories/ZDI-16-047

ZDI-16-047 | Zero Day Initiative
Third Party Advisory;VDB Entry
https://www.exploit-db.com/exploits/39852/

Oracle Application Testing Suite (ATS) - Arbitrary File Upload (Metasploit)
Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.rapid7.com/db/modules/exploit/multi/http/oracle_ats_file_upload

Oracle ATS Arbitrary File Upload
Third Party Advisory;VDB Entry

CVEs referencing this url

Products affected by CVE-2016-0491

Oracle » Application Testing Suite » Version: 12.5.0.2
cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » Application Testing Suite » Version: 12.4.0.2
cpe:2.3:a:oracle:application_testing_suite:12.4.0.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2016-0491

Exploit prediction scoring system (EPSS) score for CVE-2016-0491

Metasploit modules for CVE-2016-0491

Oracle ATS Arbitrary File Upload

CVSS scores for CVE-2016-0491

References for CVE-2016-0491

Products affected by CVE-2016-0491