Oracle WebCenter Sites Multiple Vulnerabilities (October 2015 CPU)

High Nessus Plugin ID 86577


The website content management system installed on the remote host is affected by multiple vulnerabilities.


The version Oracle WebCenter Sites installed on the remote host is missing security patches from the October 2015 Critical Patch Update (CPU). It is, therefore, affected by multiple vulnerabilities :

- A flaw exists in the bundled SpringSource Spring Framework that allows a remote attacker to execute arbitrary code via an HTTP request containing class.classLoader.URLs[0]=jar: followed by an URL of a crafted .jar file. (CVE-2010-1622)

- An unspecified flaw exists in the Security subcomponent that allows a remote attacker to impact integrity.


Apply the appropriate patch according to the October 2015 Oracle Critical Patch Update advisory.

See Also

Plugin Details

Severity: High

ID: 86577

File Name: oracle_webcenter_sites_oct_2015_cpu.nasl

Version: $Revision: 1.5 $

Type: local

Agent: windows

Family: Windows

Published: 2015/10/23

Modified: 2016/01/23

Dependencies: 72776

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:oracle:fusion_middleware

Required KB Items: SMB/WebCenter_Sites/Installed

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/10/20

Vulnerability Publication Date: 2010/04/29

Reference Information

CVE: CVE-2010-1622, CVE-2015-4799

BID: 40954

OSVDB: 65661, 129080