This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
The website content management system installed on the remote host is
affected by multiple vulnerabilities.
The version Oracle WebCenter Sites installed on the remote host is
missing security patches from the October 2015 Critical Patch Update
(CPU). It is, therefore, affected by multiple vulnerabilities :
- A flaw exists in the bundled SpringSource Spring
Framework that allows a remote attacker to execute
arbitrary code via an HTTP request containing
class.classLoader.URLs=jar: followed by an URL of a
crafted .jar file. (CVE-2010-1622)
- An unspecified flaw exists in the Security subcomponent
that allows a remote attacker to impact integrity.
See also :
Apply the appropriate patch according to the October 2015 Oracle
Critical Patch Update advisory.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.2
Public Exploit Available : true