Oracle WebCenter Portal Multiple Vulnerabilities (July 2015 CPU)

Medium Nessus Plugin ID 84916


The remote host is affected by multiple vulnerabilities.


The remote host has a version of Oracle WebCenter Portal installed that is affected by the following vulnerabilities:

- A flaw exists in Oracle's implementation of the JSR (Java Specification Request) 286 Portlet Specification functionality. A remote, authenticated attacker can exploit this, via a crafted portal URL, to affect confidentiality and integrity. (CVE-2015-1926)

- A security bypass vulnerability exists in the Portlet Bridge for JavaServer Faces due to a failure to properly restrict access to resources in web applications. A remote attacker can exploit this, via a URL with a modified resource ID, to disclose sensitive information.


Apply the appropriate patch according to the July 2015 Oracle Critical Patch Update advisory.

Plugin Details

Severity: Medium

ID: 84916

File Name: oracle_webcenter_portal_july_2015_cpu.nbin

Version: $Revision: 1.69 $

Type: local

Family: Misc.

Published: 2015/07/22

Modified: 2018/02/12

Dependencies: 72064

Risk Information

Risk Factor: Medium


Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N


Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

CPE: cpe:/a:oracle:fusion_middleware

Required KB Items: installed_sw/Oracle WebCenter Portal

Patch Publication Date: 2015/07/14

Vulnerability Publication Date: 2015/07/14

Reference Information

CVE: CVE-2015-1926, CVE-2015-3244

BID: 75860, 75941

OSVDB: 124243, 124842