ZDI-16-042
Jan 25, 2016

Oracle Application Testing Suite Authentication Bypass Vulnerability

rgod
www.zerodayinitiative.com
EPSS: 0.971 (Percentile: 99.8%)

This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite. The specific flaw exists within the isAllowedUrl() function. This function has a list of URI entries which do not require authentication. Because the function only checks to see if a URI starts with one of these entries, an attacker can use directory traversal in the URI to gain unauthenticated access to any URI.
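
The prefix-only check described above, next to a hardened check that canonicalizes the path before matching, as an added example that is not Oracle's code. The allowlist entries, function names other than isAllowedUrl, the decode limit and the sample URIs are assumptions constructed for illustration.

```python
from typing import Optional
from urllib.parse import unquote

# Hypothetical allowlist; the advisory does not publish the real entries.
PUBLIC_ENTRIES = ("/login", "/public")
MAX_DECODE_ROUNDS = 3  # assumed limit for repeated percent-decoding


def is_allowed_url_prefix_only(uri: str) -> bool:
    """The flawed pattern: raw prefix match on the URI as received."""
    return uri.startswith(PUBLIC_ENTRIES)


def canonical_path(uri: str) -> Optional[str]:
    """Return the canonical path, or None if the request must be rejected."""
    path = uri.split("?", 1)[0].split("#", 1)[0]
    # Decode until stable so %2e%2e and %252e%252e are both seen as "..".
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return None  # still changing at the limit: reject
    if not path.startswith("/") or "\\" in path or "\x00" in path:
        return None
    segments = []
    for seg in path.split("/")[1:]:
        if seg in ("", "."):
            continue  # collapse "//" and "/./"
        if seg == "..":
            return None  # reject traversal instead of resolving it
        segments.append(seg)
    return "/" + "/".join(segments)


def is_allowed_url(uri: str) -> bool:
    """Match the canonical path against whole entries, on segment boundaries."""
    path = canonical_path(uri)
    if path is None:
        return False
    return any(path == e or path.startswith(e + "/") for e in PUBLIC_ENTRIES)


# Constructed sample requests, not taken from the advisory.
SAMPLES = ["/public/css/site.css", "/public/../admin/users",
           "/public/%2e%2e/admin/users", "/loginx", "/admin/users"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:32} prefix_only={is_allowed_url_prefix_only(s)} "
              f"hardened={is_allowed_url(s)}")
```

The hardened check only holds if the component that dispatches the request uses the same canonical path that was checked.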