PT-2016-4247 · Oracle · Oracle Enterprise Manager Grid Control

Rgod · Published 2016-01-21 · Updated 2016-12-22 · CVE-2016-0487

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Oracle Enterprise Manager Grid Control versions 12.4.0.2 through 12.5.0.2

Description
The issue affects confidentiality and integrity and potentially allows remote attackers to bypass authentication. It is related to the Test Manager for Web Apps component. It has been reported that this could be a directory traversal vulnerability in the process method of the ActionServlet servlet, which might allow attackers to bypass authentication via directory traversal sequences following an unspecified URI string.

Recommendations
For versions 12.4.0.2 and 12.5.0.2, consider restricting access to the ActionServlet servlet until a patch is available. As a temporary workaround, avoid request URIs that could carry directory traversal sequences into the affected component. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2016-0487
ZDI-16-033

Affected Products

Oracle Enterprise Manager Grid Control