CVE-2016-0480

Published on: 01/20/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:13 PM UTC

AV:N/AC:L/Au:N/C:P/I:N/A:N

Certain versions of Application Testing Suite from Oracle contain the following vulnerability:

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0481, CVE-2016-0482, CVE-2016-0485, and CVE-2016-0486. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the TMAPReportImage parameter.

CVSS2 Score: 5 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK LOW NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
PARTIAL NONE NONE

CVE References

Description Tags Link
Oracle Enterprise Manager Grid Control Multiple Flaws Let Remote and Local Users Access Data, Modify Data, and Deny Service - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1034734
Zero Day Initiative www.zerodayinitiative.com
text/html
URL Logo MISC www.zerodayinitiative.com/advisories/ZDI-16-043
Oracle Enterprise Manager CVE-2016-0480 Directory Traversal Vulnerability cve.report (archive)
text/html
URL Logo BID 81070
Oracle Critical Patch Update - January 2016 Patch
Vendor Advisory
www.oracle.com
text/html
URL Logo CONFIRM www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationOracleApplication Testing Suite12.4.0.2AllAllAll
ApplicationOracleApplication Testing Suite12.5.0.2AllAllAll
ApplicationOracleApplication Testing Suite12.4.0.2AllAllAll
ApplicationOracleApplication Testing Suite12.5.0.2AllAllAll
  • cpe:2.3:a:oracle:application_testing_suite:12.4.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:application_testing_suite:12.4.0.2:*:*:*:*:*:*:*:
  • cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*: