CVE-2016-0491 in Enterprise Managerinformazioni

Riassunto

di MITRE

Unspecified vulnerability in the Oracle Application Testing Suite component in Oracle Enterprise Manager Grid Control 12.4.0.2 and 12.5.0.2 allows remote attackers to affect integrity and availability via unknown vectors related to Load Testing for Web Apps. NOTE: the previous information is from the January 2016 CPU. Oracle has not commented on third-party claims that the UploadFileAction servlet allows remote authenticated users to upload and execute arbitrary files via an * (asterisk) character in the fileType parameter.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Prenotare

09/12/2015

Divulgazione

20/01/2016

Moderazione

accettato

Voce

VDB-80402

CPE

pronto

CWE

CWE-434 (non confermato)

Sfruttamento

Scaricare

CVSS

6.4 (NVD)

EPSS

0.80750

KEV

Attività

molto basso

Settore

Lawfirm, Pharma, ...

Fonti

MITRE	https://www.cve.org/CVERecord?id=CVE-2016-0491
NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-0491
CVE Details	https://www.cvedetails.com/cve/CVE-2016-0491/

◂ Precedente Visione D'ensemble Il prossimo ▸

Interested in the pricing of exploits?

See the underground prices here!