CVE-2016-0491

Oracle Application Testing Suite - Unspecified Vuln

Title source: llm

Description

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that the UploadFileAction servlet allows remote authenticated users to upload and execute arbitrary files via an * (asterisk) character in the fileType parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Zhou Yu · pythonwebappsjsp

https://www.exploit-db.com/exploits/39691

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotejava

https://www.exploit-db.com/exploits/39852

View Code ZIP pw:eip

References (8)

[Exploit] http://packetstormsecurity.com/files/137175/Oracle-ATS-Arbitrary-File-Upload.html

[Patch, Vendor Advisory] http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

[Third Party Advisory, VDB Entry] http://www.rapid7.com/db/modules/exploit/multi/http/oracle_ats_file_upload

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/81169

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1034734

[Third Party Advisory, VDB Entry] http://www.zerodayinitiative.com/advisories/ZDI-16-047

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/39691/

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/39852/

Scores

EPSS 0.8843

EPSS Percentile 99.5%

Classification

Status draft

Affected Products (2)

oracle/application_testing_suite

oracle/application_testing_suite

Timeline

Published Jan 21, 2016

Tracked Since Feb 18, 2026