CVE-2016-0476

Published on: 01/20/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:13 PM UTC

AV:N/AC:L/Au:N/C:P/I:N/A:N

Certain versions of Enterprise Manager Grid Control from Oracle contain the following vulnerability:

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0477 and CVE-2016-0478. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the reportName parameter.

CVSS2 Score: 5 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL NONE NONE

CVE References

Description Tags Link
Oracle Enterprise Manager Grid Control Multiple Flaws Let Remote and Local Users Access Data, Modify Data, and Deny Service - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1034734
Oracle Enterprise Manager CVE-2016-0476 Directory Traversal Vulnerability cve.report (archive)
text/html
URL Logo BID 81199
Zero Day Initiative www.zerodayinitiative.com
text/html
URL Logo MISC www.zerodayinitiative.com/advisories/ZDI-16-045
Oracle Critical Patch Update - January 2016 Patch
Vendor Advisory
www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationOracleEnterprise Manager Grid Control12.4.0.2AllAllAll
ApplicationOracleEnterprise Manager Grid Control12.5.0.2AllAllAll
ApplicationOracleEnterprise Manager Grid Control12.4.0.2AllAllAll
ApplicationOracleEnterprise Manager Grid Control12.5.0.2AllAllAll
  • cpe:2.3:a:oracle:enterprise_manager_grid_control:12.4.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:enterprise_manager_grid_control:12.5.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:enterprise_manager_grid_control:12.4.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:enterprise_manager_grid_control:12.5.0.2:*:*:*:*:*:*:*: