CVE-2016-0451

Oracle GoldenGate <12.1.2 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2016-0451. PoCs published by rwincey.

AI-analyzed exploit summary This PoC exploits CVE-2016-0451 in Oracle GoldenGate by uploading a malicious file via the EXTRACT START SERVER command and executing it through GGSCI START OBEY. It supports both Windows and Unix targets, with payload cleanup mechanisms.

Description

Unspecified vulnerability in the Oracle GoldenGate component in Oracle GoldenGate 11.2 and 12.1.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2016-0452.

Exploits (1)

nomisec WORKING POC
by rwincey · poc
https://github.com/rwincey/Oracle-GoldenGate---CVE-2016-0451

This PoC exploits CVE-2016-0451 in Oracle GoldenGate by uploading a malicious file via the EXTRACT START SERVER command and executing it through GGSCI START OBEY. It supports both Windows and Unix targets, with payload cleanup mechanisms.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Oracle GoldenGate (versions affected by CVE-2016-0451)
No auth needed
Prerequisites: Network access to Oracle GoldenGate Manager port · Target system must be vulnerable to CVE-2016-0451
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-16-022
Exploit, Third Party Advisory x_refsource_misc
https://redr2e.com/cve-to-poc-cve-2016-0451/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/81125

Scores

EPSS 0.0683
EPSS Percentile 93.2%

Details

Status published
Products (2)
oracle/goldengate 11.2
oracle/goldengate 12.1.2
Published Jan 21, 2016
Tracked Since Feb 18, 2026