Oracle Application Testing Suite DownloadServlet scenario Directory Traversal (CVE-2016-0477)

A directory traversal vulnerability exists in the in Oracle's Application Testing Suite. The vulnerability is due to insufficient input validation while processing HTTP requests to the "/olt/download" URI. A remote unauthenticated attacker can exploit this vulnerability by sending a malicious...

CVE-2016-0477

CVE-2016-0477 affects Oracle Application Testing Suite (Oracle Enterprise Manager Grid Control) 12.4.0.2 and 12.5.0.2. It is a directory traversal flaw in the DownloadServlet used by Load Testing/Download functionality, enabling remote attackers to read arbitrary files via directory traversal seq...