Oracle Application Testing Suite Java Object Deserialization RCE (April 2016 CPU)
Critical Nessus Plugin ID 90859
Synopsis
The remote host has a web application installed that is affected by a remote code execution vulnerability.
Description
The version of Oracle Application Testing Suite installed on the remote host is affected by a remote code execution vulnerability. A SOAP endpoint that accepts requests without authentication deserializes Java objects taken from the request body without restricting which classes may be instantiated, and the Apache Commons Collections (ACC) library on the application's classpath supplies the gadget classes that turn such an unrestricted deserialization into code execution. An unauthenticated, remote attacker can exploit this by sending a crafted SOAP request to execute arbitrary code on the target host.
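To check whether traffic to an endpoint of this kind carries a serialized Java object, and whether that object names Apache Commons Collections gadget classes, here is an added example written for this page; it is not part of the Nessus plugin or of Oracle's software. The SOAP envelope, the operation name and the urn:example namespace are placeholders, and the sample request bodies are constructed, truncated stream headers rather than captured exploit traffic. The Java serialization constants (0xACED0005 stream magic, TC_OBJECT 0x73, TC_CLASSDESC 0x72) and the ACC class names are real.

```python
import base64
import re
import struct

# Java serialization stream header: STREAM_MAGIC (0xACED) followed by STREAM_VERSION (5).
JAVA_STREAM_MAGIC = b"\xac\xed\x00\x05"

# Apache Commons Collections classes used by the public gadget chains that turn an
# unfiltered ObjectInputStream.readObject() on attacker data into code execution.
ACC_GADGET_CLASSES = (
    b"org.apache.commons.collections.functors.InvokerTransformer",
    b"org.apache.commons.collections.functors.ChainedTransformer",
    b"org.apache.commons.collections.functors.ConstantTransformer",
    b"org.apache.commons.collections.functors.InstantiateTransformer",
    b"org.apache.commons.collections.map.LazyMap",
    b"org.apache.commons.collections.map.TransformedMap",
    b"org.apache.commons.collections4.functors.InvokerTransformer",
    b"org.apache.commons.collections4.functors.ChainedTransformer",
)

# Runs of base64 text long enough to carry a serialized object inside an XML element.
_B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")


def _candidate_blobs(body: bytes):
    """Yield the raw body, then every base64 run in it that decodes cleanly."""
    yield body
    for match in _B64_RUN.finditer(body):
        try:
            yield base64.b64decode(match.group(0), validate=True)
        except ValueError:  # binascii.Error is a ValueError: the run was not base64
            continue


def outer_class_name(stream: bytes):
    """Name of the outermost object's class in a Java serialization stream, or None.

    Only the common TC_OBJECT (0x73) + TC_CLASSDESC (0x72) opening is handled; the class
    descriptor begins with a 2-byte big-endian length followed by the UTF-8 class name.
    """
    start = stream.find(JAVA_STREAM_MAGIC)
    if start < 0:
        return None
    pos = start + len(JAVA_STREAM_MAGIC)
    if stream[pos:pos + 2] != b"\x73\x72" or len(stream) < pos + 4:
        return None
    (name_len,) = struct.unpack(">H", stream[pos + 2:pos + 4])
    return stream[pos + 4:pos + 4 + name_len].decode("utf-8", "replace")


def inspect_soap_body(body: bytes) -> dict:
    """Report whether a request body carries a serialized Java object and which ACC gadget classes it names."""
    report = {"serialized_object": False, "outer_class": None, "gadget_classes": []}
    for blob in _candidate_blobs(body):
        if JAVA_STREAM_MAGIC not in blob:
            continue
        report["serialized_object"] = True
        if report["outer_class"] is None:
            report["outer_class"] = outer_class_name(blob)
        for cls in ACC_GADGET_CLASSES:
            name = cls.decode()
            if cls in blob and name not in report["gadget_classes"]:
                report["gadget_classes"].append(name)
    return report


# --- constructed sample traffic (not captured from a real Oracle ATS instance) ---

def _class_desc(class_name: str) -> bytes:
    """TC_CLASSDESC + UTF length + name + serialVersionUID placeholder + SC_SERIALIZABLE flag."""
    name = class_name.encode()
    return b"\x72" + struct.pack(">H", len(name)) + name + b"\x00" * 8 + b"\x02"


def _soap_envelope(payload: bytes) -> bytes:
    """Wrap a base64 blob in a minimal SOAP 1.1 body; operation and namespace are placeholders."""
    return (b'<?xml version="1.0"?>'
            b'<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
            b'<soapenv:Body><ns:op xmlns:ns="urn:example"><arg>' + base64.b64encode(payload)
            + b"</arg></ns:op></soapenv:Body></soapenv:Envelope>")


# Head of a Commons Collections style chain: an outer AnnotationInvocationHandler whose
# field data names InvokerTransformer. Truncated on purpose; a detection sample, not a payload.
SAMPLE_GADGET = _soap_envelope(
    JAVA_STREAM_MAGIC + b"\x73" + _class_desc("sun.reflect.annotation.AnnotationInvocationHandler")
    + _class_desc("org.apache.commons.collections.functors.InvokerTransformer"))

# A serialized HashMap: still an object arriving at an unauthenticated endpoint, but no ACC gadget.
SAMPLE_BENIGN_OBJECT = _soap_envelope(JAVA_STREAM_MAGIC + b"\x73" + _class_desc("java.util.HashMap"))

# A plain string parameter.
SAMPLE_PLAIN = _soap_envelope(b"plain text parameter")

if __name__ == "__main__":
    for label, body in (("gadget", SAMPLE_GADGET), ("benign", SAMPLE_BENIGN_OBJECT), ("plain", SAMPLE_PLAIN)):
        print(label, inspect_soap_body(body))
```

Run inspect_soap_body over request bodies taken from a proxy or web server log. Any serialized object reaching an unauthenticated endpoint is worth a look on its own; a match on the gadget list is a strong signal. String matching on class names is easy to evade (other gadget libraries, compressed or nested streams), so this complements the vendor patch rather than replacing it.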
Solution
Apply the appropriate patch according to the April 2016 Oracle Critical Patch Update advisory.