CVE-2016-0492 : Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0488. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the isAllowedUrl function, which allows remote attackers to bypass authentication via directory traversal sequences following a URI entry that does not require authentication, as demonstrated by olt/Login.do/../../olt/UploadFileUpload.do.

Published 2016-01-21 03:00:40

Updated 2016-12-22 14:39:31

Source Oracle

View at NVD, CVE.org

Vulnerability category: Directory traversal

Exploit prediction scoring system (EPSS) score for CVE-2016-0492

Probability of exploitation activity in the next 30 days: 97.12%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 100 % EPSS Score History EPSS FAQ

Metasploit modules for CVE-2016-0492

Oracle ATS Arbitrary File Upload

Disclosure Date: 2016-01-20

First seen: 2020-04-26

exploit/multi/http/oracle_ats_file_upload

This module exploits an authentication bypass and arbitrary file upload in Oracle Application Testing Suite (OATS), version 12.4.0.2.0 and unknown earlier versions, to upload and execute a JSP shell. Authors: - Zhou Yu - wvu <wvu@metasploit.com>

More information

CVSS scores for CVE-2016-0492

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	AV:N/AC:L/Au:N/C:P/I:P/A:N	10.0	4.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: None

References for CVE-2016-0492

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Oracle Critical Patch Update - January 2016
Vendor Advisory

CVEs referencing this url
http://www.securitytracker.com/id/1034734

Oracle Enterprise Manager Grid Control Multiple Flaws Let Remote and Local Users Access Data, Modify Data, and Deny Service - SecurityTracker
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.securityfocus.com/bid/81158

Oracle Enterprise Manager CVE-2016-0492 Authentication Bypass Vulnerability
Third Party Advisory;VDB Entry
https://www.exploit-db.com/exploits/39691/

Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload
Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url
http://packetstormsecurity.com/files/137175/Oracle-ATS-Arbitrary-File-Upload.html

Oracle ATS Arbitrary File Upload ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url
https://www.exploit-db.com/exploits/39852/

Oracle Application Testing Suite (ATS) - Arbitrary File Upload (Metasploit)
Exploit;Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.rapid7.com/db/modules/exploit/multi/http/oracle_ats_file_upload

Oracle ATS Arbitrary File Upload
Third Party Advisory;VDB Entry

CVEs referencing this url
http://www.zerodayinitiative.com/advisories/ZDI-16-042

ZDI-16-042 | Zero Day Initiative
Third Party Advisory;VDB Entry

Products affected by CVE-2016-0492

Oracle » Application Testing Suite » Version: 12.5.0.2
cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*
Matching versions
Oracle » Application Testing Suite » Version: 12.4.0.2
cpe:2.3:a:oracle:application_testing_suite:12.4.0.2:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2016-0492

Exploit prediction scoring system (EPSS) score for CVE-2016-0492

Metasploit modules for CVE-2016-0492

Oracle ATS Arbitrary File Upload

CVSS scores for CVE-2016-0492

References for CVE-2016-0492

Products affected by CVE-2016-0492