Vulnerabilities > CVE-2019-2557 - Unspecified vulnerability in Oracle Application Testing Suite 13.3.0.1

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

oracle

metasploit

NVD

Published: 2019-04-23

Updated: 2020-08-24

Summary

Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).

Vulnerable Configurations

Part	Description	Count
Application	Oracle Oracle Application Testing Suite 13.3.0.1	1

Metasploit

description	This module exploits a vulnerability in Oracle Application Testing Suite (OATS). In the Load Testing interface, a remote user can abuse the custom report template selector, and cause the DownloadServlet class to read any file on the server as SYSTEM. Since the Oracle application contains multiple configuration files that include encrypted credentials, and that there are public resources for decryption, it is actually possible to gain remote code execution by leveraging this directory traversal attack. Please note that authentication is required. By default, OATS has two built-in accounts: default and administrator. You could try to target those first.
id	MSF:AUXILIARY/GATHER/OATS_DOWNLOADSERVLET_TRAVERSAL
last seen	2020-01-20
modified	2019-05-23
published	2019-05-07
references	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2557 https://srcincite.io/advisories/src-2019-0033/ https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
reporter	Rapid7
source	https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/gather/oats_downloadservlet_traversal.rb
title	Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal

References

http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html