This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
Synopsis :
An application server installed on the remote host is affected by an
arbitrary file upload vulnerability.
Description :
The version of Oracle WebLogic Portal installed on the remote host is
missing a security patch from the January 2016 Critical Patch Update
(CPU). It is, therefore, affected by a file upload vulnerability in
the bundled Apache Commons library. A flaw exists in the DiskFileItem
class that is triggered during the handling of NULL characters. A
remote attacker can exploit this, via a serialized instance of the
DiskFileItem class, to upload arbitrary files.
See also :
Solution :
Apply the appropriate patch according to the January 2016 Oracle
Critical Patch Update advisory.
Risk factor :
High / CVSS Base Score : 7.5