- Home
- CVEs with nessus.description==The Oracle WebCenter Sites installed on the remote host is missing patches from the April 2015 CPU. It is, therefore, affected by multiple vulnerabilities :
- A flaw exists within 'MultipartStream.java' in Apache Commons FileUpload when parsing malformed Content-Type headers. A remote attacker, using a crafted header, can exploit this to cause an infinite loop, resulting in a denial of service. (CVE-2014-0050)
- ParametersInterceptor in Apache Struts does not properly restrict access to the getClass method. A remote attacker, using a crafted request, can exploit this to manipulate the ClassLoader, thus allowing the execution of arbitrary code. (CVE-2014-0112)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top