Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
LOW Availability impact
LOW network
low complexity
oracle
metasploit
Published: 2019-04-23
Updated: 2024-11-21
Summary
Vulnerability in the Oracle Application Testing Suite component of Oracle Enterprise Manager Products Suite (subcomponent: Load Testing for Web Apps). The supported version that is affected is 13.3.0.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Testing Suite. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Testing Suite accessible data as well as unauthorized read access to a subset of Oracle Application Testing Suite accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Testing Suite. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
Vulnerable Configurations
Part | Description | Count |
Application | Oracle | 1 |
Metasploit
description | This module exploits a vulnerability in Oracle Application Testing Suite (OATS). In the Load Testing interface, a remote user can abuse the custom report template selector, and cause the DownloadServlet class to read any file on the server as SYSTEM. Since the Oracle application contains multiple configuration files that include encrypted credentials, and that there are public resources for decryption, it is actually possible to gain remote code execution by leveraging this directory traversal attack. Please note that authentication is required. By default, OATS has two built-in accounts: default and administrator. You could try to target those first. |
id | MSF:AUXILIARY/GATHER/OATS_DOWNLOADSERVLET_TRAVERSAL |
last seen | 2020-01-20 |
modified | 2019-05-23 |
published | 2019-05-07 |
references | |
reporter | Rapid7 |
source | https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/gather/oats_downloadservlet_traversal.rb |
title | Oracle Application Testing Suite Post-Auth DownloadServlet Directory Traversal |