Advisory Details

Advisory Dates: January 25th, 2016
Title: Oracle Application Testing Suite Authentication Bypass Vulnerability
Vulnerability IDs:
- ZDI-16-033
- ZDI-CAN-3356
- CVE-2016-0487

Severity

CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Affected Information

Affected Vendor: Oracle
Affected Product: Application Testing Suite

Vulnerability Detail

Flaw Details: Allows remote attackers to bypass authentication on vulnerable installations of Oracle Application Testing Suite through a specific string in the ActionServlet servlet URI.
Protection (Trend Micro): Protected by Digital Vaccine with filter ID '21339'.

Additional Information

Vendor Response: Oracle has provided an update. More at: Oracle security update

Timeline

Disclosure:
- Vulnerability reported to vendor on 2015-10-08
- Advisory released publicly on 2016-01-25

Credit

Researcher acknowledgment: rgod