PT-2016-4242 · Oracle · Oracle Application Testing Suite

Rgod

Publicado

2016-01-21

Atualizado

2016-12-07

CVE-2016-0481

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Oracle Application Testing Suite (affected versions not specified)

Description The issue is related to a Directory Traversal Information Disclosure problem. It involves the scheduleReportName parameter in the DownloadServlet. This parameter is vulnerable to directory traversal attacks, which can lead to information disclosure.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2016-0481

ZDI-16-044

Produtos afetados

Oracle Application Testing Suite

PT-2016-4242 · Oracle · Oracle Application Testing Suite

CVE-2016-0481

Identificadores relacionados

Produtos afetados

Referências · 7