Oracle WebCenter Sites Multiple Vulnerabilities (October 2015 CPU)
High Nessus Plugin ID 86577
SynopsisThe website content management system installed on the remote host is affected by multiple vulnerabilities.
DescriptionThe version Oracle WebCenter Sites installed on the remote host is missing security patches from the October 2015 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities :
- A flaw exists in the bundled SpringSource Spring Framework that allows a remote attacker to execute arbitrary code via an HTTP request containing class.classLoader.URLs=jar: followed by an URL of a crafted .jar file. (CVE-2010-1622)
- An unspecified flaw exists in the Security subcomponent that allows a remote attacker to impact integrity.
SolutionApply the appropriate patch according to the October 2015 Oracle Critical Patch Update advisory.