Oracle WebCenter Sites Apache Xalan-Java Library Security Bypass (January 2016 CPU)
High Nessus Plugin ID 88044
Synopsis
The website content management system installed on the remote host is affected by a security bypass vulnerability.

Description
The version of Oracle WebCenter Sites installed on the remote host is missing a security patch from the January 2016 Critical Patch Update (CPU). It is, therefore, affected by a security bypass vulnerability in the Apache Xalan-Java library due to a failure to properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled. A remote attacker can exploit this to bypass restrictions and load arbitrary classes or access external resources.

Solution
Apply the appropriate patch according to the January 2016 Oracle Critical Patch Update advisory.