PT-2016-4250 · Oracle · Oracle Enterprise Manager Grid Control

Rgod · Published 2016-01-21 · Updated 2016-12-22 · CVE-2016-0490

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Oracle Enterprise Manager Grid Control versions 12.4.0.2 through 12.5.0.2

Description
The issue affects confidentiality and integrity, potentially allowing remote attackers to execute arbitrary code via unknown vectors related to Test Manager for Web Apps. It has been reported that this may be a directory traversal vulnerability in the UploadServlet servlet, which could allow remote attackers to upload and execute arbitrary files by using directory traversal sequences in a filename header.

Recommendations
For versions 12.4.0.2 and 12.5.0.2, consider restricting access to the UploadServlet servlet as a temporary workaround until a patch is available. Avoid passing directory traversal sequences in the filename header to the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
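The class of defect described above is a filename taken from a request header and joined onto a server-side directory without checking for traversal sequences. The following is an added example, not code from Oracle or from this advisory, showing the two checks a defender would expect an upload handler to perform: a strict filename filter that rejects separators, parent-directory components, NUL bytes and percent-encoded forms of them (decoded repeatedly so that double encoding does not slip through), plus an independent confinement check that the final normalized path still lies under the upload root. The upload root, the helper names and the sample header values are all constructed for the example.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed upload root for the example; not a real Oracle EM path.
UPLOAD_ROOT = "/srv/uploads"

# Anything that could turn a bare filename into a path is rejected outright.
FORBIDDEN_SUBSTRINGS = ("..", "/", "\\", "\0")


def _fully_decode(value: str, max_rounds: int = 3) -> Optional[str]:
    """Percent-decode until the value stops changing, so '%252e%252e%252f'
    (double-encoded '../') is seen for what it is. Returns None if the value
    is still changing after max_rounds, which only happens for pathological
    multi-layer encoding that no legitimate client produces."""
    current = value
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            return current
        current = decoded
    return None if unquote(current) != current else current


def safe_filename(header_value: str) -> Optional[str]:
    """Hypothetical filter for a 'filename' header. Returns the validated bare
    filename, or None if the header must be rejected."""
    decoded = _fully_decode(header_value)
    if decoded is None:
        return None
    name = decoded.strip()
    if not name or name in (".", ".."):
        return None
    if any(bad in name for bad in FORBIDDEN_SUBSTRINGS):
        return None
    return name


def resolve_upload_path(header_value: str, root: str = UPLOAD_ROOT) -> Optional[str]:
    """Defence in depth: even after the filter passes, build the target path
    and confirm its normalized form is still inside root. If someone later
    relaxes safe_filename, this check still refuses to write outside root."""
    name = safe_filename(header_value)
    if name is None:
        return None
    root_norm = posixpath.normpath(root)
    target = posixpath.normpath(posixpath.join(root_norm, name))
    if posixpath.commonpath([root_norm, target]) != root_norm:
        return None
    return target


if __name__ == "__main__":
    # Constructed sample header values: one benign, the rest traversal attempts
    # in plain, URL-encoded, double-encoded and backslash forms.
    samples = [
        "report.txt",
        "../../outside.txt",
        "..%2f..%2foutside.txt",
        "%252e%252e%252foutside.txt",
        "..\\..\\outside.txt",
        "",
    ]
    for header in samples:
        print(repr(header), "->", resolve_upload_path(header))
```

The filter alone would stop the reported traversal pattern; the confinement check exists so that a future change to the filter (for example, permitting subdirectories) cannot silently reopen the hole. Restricting who can reach the servlet at all, as the recommendation above says, remains the first line of defence while no patch is available.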

Related identifiers

CVE-2016-0490
ZDI-16-039

Affected products

Oracle Enterprise Manager Grid Control