Lucene search

K
srcinciteSteven Seeley (mr_me) of Source InciteSRC-2019-0015
HistoryOct 02, 2018 - 12:00 a.m.

SRC-2019-0015 : Oracle Application Testing Suite ActionServlet processFileUpload Directory Traversal Remote Code Execution Vulnerability

2018-10-0200:00:00
Steven Seeley (mr_me) of Source Incite
srcincite.io
3

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

19.0%

Vulnerability Details:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Oracle Application Testing Suite. Authentication is required to exploit this vulnerability.

The specific flaw exists within the ActionServlet servlet’s processFileUpload method. The issue results from the lack of proper validation of a user-supplied string before using execute a system call. An attacker can leverage this vulnerability to execute code under the context of the SYSTEM.

Affected Vendors:

Oracle

Affected Products:

Application Testing Suite

Vendor Response:

Oracle has issued an update to correct this vulnerability. More details can be found at: <https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html&gt;

6.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

19.0%

Related for SRC-2019-0015