Oracle WebCenter Sites Multiple Vulnerabilities (October 2012 CPU)

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote host has software installed that is affected by multiple

Description :

The remote Oracle WebCenter Sites install is missing patches from the
October 2012 CPU. As a result, it may be affected by multiple
vulnerabilities :

- A cross-site request forgery vulnerability exists that
can be triggered by tricking a victim into clicking an
image link on a specially crafted page. (CVE-2012-3185)

- A flaw in the UI Subcomponent could allow an
authenticated user to alter the email address
information of other users. (CVE-2012-3183)

- The UI Subcomponent is affected by a cross-site
scripting vulnerability due to lack of sanitization for
the 'username' and 'StartItem' parameters.

- The 'selectedLocale' parameter in the UI Subcomponent is
not properly sanitized and allows SQL injection.

- The Oracle WebCenter Sites ImagePicker Subcomponent is
affected by an unspecified local vulnerability.

Solution :

Apply the appropriate patch according to the October 2012 Oracle
Critical Patch Update advisory.

Risk factor :

Medium / CVSS Base Score : 5.5
CVSS Temporal Score : 4.3
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 72778

Bugtraq ID: 55968

CVE ID: CVE-2012-3183
