CVE-2016-0492

🗓️ 21 Jan 2016 02:00:00Reported by oracleType

cve🔗 web.nvd.nist.gov👁 59 Views🌐 WEB

Vulnerability in Oracle Application Testing Suite affecting confidentiality and integrity

Reporter	Title	Published	Views	Family All 16
0day.today	Oracle Application Testing Suite 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload	13 Apr 201600:00	–	zdt
0day.today	Oracle Application Testing Suite (ATS) - Arbitrary File Upload (Metasploit)	25 May 201600:00	–	zdt
Circl	CVE-2016-0492	13 Apr 201600:00	–	circl
CNVD	Unspecified Vulnerability in Oracle Enterprise Manager Grid Control Oracle Application Testing Suite Test Manager for Web Apps Component (CNVD-2016-00669)	23 Jan 201600:00	–	cnvd
Check Point Advisories	Oracle Application Testing Suite Authentication Bypass (CVE-2016-0492)	19 Jun 201600:00	–	checkpoint_advisories
Cvelist	CVE-2016-0492	21 Jan 201602:00	–	cvelist
Exploit DB	Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass / Arbitrary File Upload	13 Apr 201600:00	–	exploitdb
EUVD	EUVD-2016-0523	21 Jan 201602:00	–	euvd
exploitpack	Oracle Application Testing Suite (ATS) 12.4.0.2.0 - Authentication Bypass Arbitrary File Upload	13 Apr 201600:00	–	exploitpack
NVD	CVE-2016-0492	21 Jan 201603:00	–	nvd

NVD

Node

oracle application_testing_suiteMatch12.4.0.2

oracle application_testing_suiteMatch12.5.0.2

Source	Link
securityfocus	www.securityfocus.com/bid/81158
exploit-db	www.exploit-db.com/exploits/39852/
exploit-db	www.exploit-db.com/exploits/39691/
zerodayinitiative	www.zerodayinitiative.com/advisories/ZDI-16-042
rapid7	www.rapid7.com/db/modules/exploit/multi/http/oracle_ats_file_upload
oracle	www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
securitytracker	www.securitytracker.com/id/1034734
packetstormsecurity	www.packetstormsecurity.com/files/137175/Oracle-ATS-Arbitrary-File-Upload.html

Parameter	Position	Path	Description	CWE
storage.extension	path	olt/Login.do/../../olt/UploadFileUpload.do	Authentication bypass with arbitrary file upload via traversal to UploadFileUpload.do for Oracle ATS.	CWE-306
fileName1	path	olt/Login.do/../../olt/UploadFileUpload.do	Authentication bypass with arbitrary file upload via traversal to UploadFileUpload.do for Oracle ATS.	CWE-306
fileName2	path	olt/Login.do/../../olt/UploadFileUpload.do	Authentication bypass with arbitrary file upload via traversal to UploadFileUpload.do for Oracle ATS.	CWE-306
fileName3	path	olt/Login.do/../../olt/UploadFileUpload.do	Authentication bypass with arbitrary file upload via traversal to UploadFileUpload.do for Oracle ATS.	CWE-306
fileName4	path	olt/Login.do/../../olt/UploadFileUpload.do	Authentication bypass with arbitrary file upload via traversal to UploadFileUpload.do for Oracle ATS.	CWE-306
fileType	path	olt/Login.do/../../olt/UploadFileUpload.do	Authentication bypass with arbitrary file upload via traversal to UploadFileUpload.do for Oracle ATS.	CWE-306
file1	path	olt/Login.do/../../olt/UploadFileUpload.do	Authentication bypass with arbitrary file upload via traversal to UploadFileUpload.do for Oracle ATS.	CWE-306
storage.repository	path	olt/Login.do/../../olt/UploadFileUpload.do	Authentication bypass with arbitrary file upload via traversal to UploadFileUpload.do for Oracle ATS.	CWE-306
storage.workspace	path	olt/Login.do/../../olt/UploadFileUpload.do	Authentication bypass with arbitrary file upload via traversal to UploadFileUpload.do for Oracle ATS.	CWE-306
directory	path	olt/Login.do/../../olt/UploadFileUpload.do	Authentication bypass with arbitrary file upload via traversal to UploadFileUpload.do for Oracle ATS.	CWE-306

06 May 2026 22:30Current

7.3High risk

Vulners AI Score7.3

CVSS 26.4

EPSS0.91458