IQID:13682 HTTP Oracle Application Testing Suite Authentication Bypass Vulnerability
IQID: 13682 - August 2016
Unspecified vulnerability in the Oracle Application Testing Suite
component in Oracle Enterprise Manager Grid Control 12.4.0.2 and
12.5.0.2 allows remote attackers to affect confidentiality and
integrity via unknown vectors related to Load Testing for Web Apps, a
different vulnerability than CVE-2016-0488. NOTE: the previous
information is from the January 2016 CPU. Oracle has not commented on
third-party claims that this is a directory traversal vulnerability in
the isAllowedUrl function, which allows remote attackers to bypass
authentication via directory traversal sequences following a URI entry
that does not require authentication, as demonstrated by
olt/Login.do/../../olt/UploadFileUpload.do.
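
The check below is an added example, not Oracle's code and not part of the original entry: it contrasts a prefix match on the raw request path (the pattern the third-party claims describe) with an exact match on the canonicalized path. The function names and the one-entry allowlist are assumptions; only the two .do paths come from the entry.

```python
import posixpath
from urllib.parse import unquote

# Constructed allowlist of paths served without authentication.
# Only /olt/Login.do is taken from the entry above.
NO_AUTH_PATHS = ("/olt/Login.do",)

def _decode(path: str) -> str:
    """Percent-decode until stable so double encoding (%252e) is unwrapped."""
    prev = None
    while prev != path:
        prev, path = path, unquote(path)
    return path.replace("\\", "/")

def canonicalize(path: str) -> str:
    """Return the path (no query string) with '.' and '..' segments resolved."""
    path = "/" + _decode(path).lstrip("/")
    return posixpath.normpath(path)

def naive_is_allowed(path: str) -> bool:
    """Flawed pattern: prefix match on the raw, uncanonicalized path."""
    return any(path.startswith(p) for p in NO_AUTH_PATHS)

def strict_is_allowed(path: str) -> bool:
    """Hardened pattern: exact match on the canonical path."""
    return canonicalize(path) in NO_AUTH_PATHS

def has_traversal(path: str) -> bool:
    """Detection helper for logs: any '..' segment once decoded."""
    return ".." in _decode(path).split("/")

def audit(paths):
    """Per path: (canonical form, naive verdict, strict verdict, traversal flag)."""
    return [(canonicalize(p), naive_is_allowed(p), strict_is_allowed(p),
             has_traversal(p)) for p in paths]

# Constructed sample input: the request path quoted in the entry, with a
# leading slash added, next to a legitimate login request.
SAMPLES = [
    "/olt/Login.do",
    "/olt/Login.do/../../olt/UploadFileUpload.do",
]

if __name__ == "__main__":
    for row in audit(SAMPLES):
        print(row)
```

The traversal flag is useful on its own when reviewing access logs, since a request that needs ".." segments after an unauthenticated entry point is rarely legitimate.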
Permalink
Link directly to this page.
http://www.idappcom.com/db/?13682
© 2024 by IDappcom. Privacy policy. IDappcom Ltd, 6 Rural Enterprise Centre, Ludlow, Shropshire, SY8 1FF.