Oracle WebCenter Portal Multiple Vulnerabilities (July 2015 CPU)
Medium Nessus Plugin ID 84916
Synopsis
The remote host is affected by multiple vulnerabilities.
Description
The remote host has a version of Oracle WebCenter Portal installed that is affected by the following vulnerabilities:
- A flaw exists in Oracle's implementation of the JSR (Java Specification Request) 286 Portlet Specification functionality. A remote, authenticated attacker can exploit this, via a crafted portal URL, to affect confidentiality and integrity. (CVE-2015-1926)
- A security bypass vulnerability exists in the Portlet Bridge for JavaServer Faces due to a failure to properly restrict access to resources in web applications. A remote attacker can exploit this, via a URL with a modified resource ID, to disclose sensitive information.
Solution
Apply the appropriate patch according to the July 2015 Oracle Critical Patch Update advisory.