IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request.

The version of IBM WebSphere Portal installed on the remote host is 7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in the     Apache Struts ClassLoader. A remote attacker can exploit     this issue by manipulating the 'class' parameter of an     ActionForm object to execute arbitrary code.
    (CVE-2014-0114)

  - A cross-site scripting vulnerability exists which allows     a remote, authenticated attacker to inject arbitrary     web script or HTML. (CVE-2014-0910)

  - An unspecified denial of service vulnerability exists     that allows a remote attacker to crash the host by     sending a specially crafted web request to cause a     consumption of resources. (CVE-2014-0949)

  - A cross-site scripting vulnerability exists in the     'boot_config.jsp' script due to improper validation of     user-supplied input. An attacker can exploit this issue     to execute arbitrary script code in the security context     of a user's browser to steal authentication cookies.
    (CVE-2014-0952)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user-supplied input.
    (CVE-2014-0953)

  - A privilege escalation vulnerability exists in the Web     Content Viewer portlet due to improper handling of JSP     includes. A remote attacker can exploit this issue to     obtain sensitive information, cause a denial of service,     or control the request dispatcher by sending a specially     crafted URL request. (CVE-2014-0954)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user-supplied input. An     attacker can exploit this issue to execute arbitrary     script code in the security context of a user's web     browser to steal authentication cookies. (CVE-2014-0956)

  - An unspecified denial of service vulnerability exists     that allows an authenticated attacker to cause a     successful login to loop back to the login page     indefinitely. (CVE-2014-0959)

  - An unspecified information disclosure vulnerability     exists which allows a remote attacker to gain access to     sensitive information. (CVE-2014-3083)

  - An unspecified cross-site scripting vulnerability     exists due to improper validation of user-supplied     input. An attacker can exploit this issue to execute     arbitrary script code in the security context of a     user's browser. (CVE-2014-3102)

  - An information disclosure vulnerability exists due to     the returned error codes which an attacker can use to     identify devices behind a firewall. (CVE-2014-4746)

  - An unspecified open redirect vulnerability exists that     allows an attacker to perform a phishing attack by     enticing a user to click on a malicious URL.
    (CVE-2014-4760)

  - An information disclosure vulnerability exists which     allows a remote, authenticated attacker to gain access     to sensitive information, such as user credentials,     through certain HTML pages. (CVE-2014-4761)

  - An unrestricted file upload vulnerability exists which     allows a remote, authenticated attacker to upload large     files, potentially resulting in a denial of service.
    (CVE-2014-4792)

  - An unspecified vulnerability exists that allows an     authenticated attacker to execute arbitrary code on the     system. (CVE-2014-4808)

  - A flaw exists due to improper recursion detection during     entity expansion. A remote attacker, via a specially     crafted XML document, can cause the system to crash,     resulting in a denial of service. (CVE-2014-4814)

  - An information disclosure vulnerability exists that     allows a remote attacker to identify whether or not a     file exists based on the web server error codes.
    (CVE-2014-4821)

  - An unspecified cross-site scripting vulnerability exists     that allows a remote, authenticated attacker to execute     arbitrary code via a specially crafted URL.
    (CVE-2014-6093)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2014-6215)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2014-8909)

  - An unspecified flaw exists that is trigged when handling     Portal requests. A remote attacker can exploit this to     cause a consumption of CPU resources, resulting in a     denial of service condition. (CVE-2015-1943)

The version of IBM WebSphere Portal on the remote host is affected by an unspecified denial of service vulnerability that allows a remote attacker to crash the host by sending a specially crafted web request.

The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities :

  - A denial of service vulnerability exists in the Apache     Commons FileUpload library that allows an attacker to     cause the application to enter an infinite loop.
    (CVE-2014-0050)

  - An unspecified denial of service vulnerability exists     that allows a remote attacker to crash the host by     sending a specially crafted web request.
    (CVE-2014-0949)

  - A cross-site scripting (XSS) vulnerability exists in the     'FilterForm.jsp' script due to improper user input     validation. (CVE-2014-0951)

  - An XSS vulnerability exists in the 'boot_config.jsp'     script due to improper user input validation.
    (CVE-2014-0952)

  - An unspecified XSS vulnerability exists due to improper     validation of user input. (CVE-2014-0953)

  - A privilege escalation vulnerability exists in the Web     Content Viewer portlet due to improper handling of JSP     includes. A remote attacker can exploit this issue to     obtain sensitive information, cause a denial of service,     or control the request dispatcher by sending a specially     crafted URL request. (CVE-2014-0954)

  - An XSS vulnerability exists in the Social Rendering     feature due to improper validation of user input. Note     that this only affects installs using IBM Connections     with the Social Rendering feature. (CVE-2014-0955)

  - An unspecified XSS vulnerability exists due to improper     validation of user input in a JSP script.
    (CVE-2014-0956)

  - An unspecified open redirect vulnerability exists that     allows an attacker to perform a phishing attack by     enticing a user to click on a malicious URL.
    (CVE-2014-0958)

  - An unspecified denial of service vulnerability exists     that allows an authenticated attacker to cause a     successful login to loop back to the login page     indefinitely. (CVE-2014-0959)

An attacker can exploit the XSS vulnerabilities to execute code in the security context of a user's browser in order to steal authentication cookies.

The version of IBM WebSphere Portal installed on the remote host is affected by multiple vulnerabilities :

  - An unspecified denial of service vulnerability exists     that allows a remote attacker to crash the host by     sending a specially crafted web request. (CVE-2014-0949)

  - A cross-site scripting (XSS) vulnerability exists in the     'FilterForm.jsp' script due to improper user input     validation. An attacker can exploit the vulnerability to     execute code in the security context of a user's browser     to steal authentication cookies. (CVE-2014-0951)

  - An unspecified open redirect vulnerability exists that     allows an attacker to perform a phishing attack by     enticing a user to click on a malicious URL.
    (CVE-2014-0958)

ID	Name	Product	Family	Severity
79691	IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities	Nessus	CGI abuses	high
74157	IBM WebSphere Portal Unspecified DoS (PI15692)	Nessus	CGI abuses	medium
74156	IBM WebSphere Portal 8.x < 8.0.0.1 CF12 Multiple Vulnerabilities	Nessus	CGI abuses	high
74155	IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF28 Multiple Vulnerabilities	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2014-0949

high

Tenable Plugins

high

medium

high

medium