CVE-2016-0476

Published: Jan 21, 2016Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect confidentiality via unknown vectors related to Load Testing for Web Apps, a different vulnerability than CVE-2016-0477 and CVE-2016-0478. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that this is a directory traversal vulnerability in the DownloadServlet servlet, which allows remote attackers to read arbitrary files via directory traversal sequences in the reportName parameter.

Affected (2)

Products: Oracle: Enterprise Manager Grid Control

1 product

Enterprise Manager Grid Control

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Oracle Enterprise Manager Grid Control	Version 12.4.0.2
Oracle Enterprise Manager Grid Control	Version 12.5.0.2

References (8)

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Source: secalert_us@oracle.com

PatchVendor Advisory

http://www.securityfocus.com/bid/81199

Source: secalert_us@oracle.com

http://www.securitytracker.com/id/1034734

Source: secalert_us@oracle.com

http://www.zerodayinitiative.com/advisories/ZDI-16-045

Source: secalert_us@oracle.com

http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.securityfocus.com/bid/81199

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1034734

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-16-045

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.