This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The website content management system installed on the remote host is
affected by multiple vulnerabilities.
The Oracle WebCenter Sites installation on the remote host is missing
patches from the April 2015 Critical Patch Update (CPU). It is,
therefore, affected by multiple vulnerabilities :
- A flaw exists within 'MultipartStream.java' in Apache
  Commons FileUpload when parsing malformed Content-Type
  headers. A remote attacker, using a crafted header,
  can exploit this to cause an infinite loop, resulting
  in a denial of service. (CVE-2014-0050)
- ParametersInterceptor in Apache Struts does not properly
  restrict access to the getClass method. A remote
  attacker, using a crafted request, can exploit this to
  manipulate the ClassLoader, thus allowing the execution
  of arbitrary code. (CVE-2014-0112)
Solution :
Apply the appropriate patch according to the April 2015 Oracle
Critical Patch Update advisory.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true