CVE-2016-0485
Published on: 01/20/2016 12:00:00 AM UTC
Last Modified on: 03/23/2021 11:27:14 PM UTC
Certain versions of Application Testing Suite from Oracle contain the following vulnerability:
Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Test Manager for Web Apps, a different vulnerability than CVE-2016-0480, CVE-2016-0481, CVE-2016-0482, and CVE-2016-0486. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the reportName parameter.
- CVE-2016-0485 has been assigned by
[email protected] to track the vulnerability
CVSS2 Score: 5 - MEDIUM
Access Vector ⓘ |
Access Complexity |
Authentication |
---|---|---|
NETWORK | LOW | NONE |
Confidentiality Impact |
Integrity Impact |
Availability Impact |
PARTIAL | NONE | NONE |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Oracle Enterprise Manager Grid Control Multiple Flaws Let Remote and Local Users Access Data, Modify Data, and Deny Service - SecurityTracker | Third Party Advisory VDB Entry www.securitytracker.com text/html |
![]() |
Oracle Enterprise Manager CVE-2016-0485 Directory Traversal Vulnerability | Third Party Advisory VDB Entry cve.report (archive) text/html |
![]() |
Zero Day Initiative | Third Party Advisory VDB Entry www.zerodayinitiative.com text/html |
![]() |
Oracle.com Outage | Patch Vendor Advisory www.oracle.com text/html Inactive LinkNot Archived |
![]() |
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Oracle | Application Testing Suite | 12.4.0.2 | All | All | All |
Application | Oracle | Application Testing Suite | 12.5.0.2 | All | All | All |
Application | Oracle | Application Testing Suite | 12.4.0.2 | All | All | All |
Application | Oracle | Application Testing Suite | 12.5.0.2 | All | All | All |
- cpe:2.3:a:oracle:application_testing_suite:12.4.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:application_testing_suite:12.4.0.2:*:*:*:*:*:*:*:
- cpe:2.3:a:oracle:application_testing_suite:12.5.0.2:*:*:*:*:*:*:*:
No vendor comments have been submitted for this CVE