Detections
Analytics
Oracle WebCenter Sites Multiple Vulnerabilities (October 2012 CPU)
medium Nessus Plugin ID 72778
Language:
Synopsis
The remote host has software installed that is affected by multiple vulnerabilities.Description
The remote Oracle WebCenter Sites install is missing patches from the October 2012 CPU. As a result, it may be affected by multiple vulnerabilities :- A cross-site request forgery vulnerability exists that can be triggered by tricking a victim into clicking an image link on a specially crafted page. (CVE-2012-3185)
- A flaw in the UI Subcomponent could allow an authenticated user the ability to alter the email address information of other users. (CVE-2012-3183)
- The UI Subcomponent is affected by a cross-site scripting vulnerability due to lack of sanitization for the 'username' and 'StartItem' parameters.
(CVE-2012-3184)
- The 'selectedLocale' parameter in the UI Subcomponent is not properly sanitized and allows SQL injection.
(CVE-2012-3186)
- The Oracle WebCenter Sites ImagePicket Subcomponent is affected by an unspecified local vulnerability.
(CVE-2012-5065)
Solution
Apply the appropriate patch according to the October 2012 Oracle Critical Patch Update advisory.See Also
Plugin Details
Severity: Medium
ID: 72778
File Name: oracle_webcenter_sites_oct_2012_cpu.nasl
Version: 1.7
Type: local
Agent: windows
Family: Windows
Published: 3/3/2014
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.2
CVSS v2
Risk Factor: Medium
Base Score: 4.9
Temporal Score: 3.8
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:N
CVSS Score Source: CVE-2012-3186
Vulnerability Information
CPE: cpe:/a:oracle:fusion_middleware
Required KB Items: SMB/WebCenter_Sites/Installed
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/16/2012
Vulnerability Publication Date: 10/16/2012
Reference Information
CVE: CVE-2012-3183, CVE-2012-3184, CVE-2012-3185, CVE-2012-3186, CVE-2012-5065