IBM WebSphere Portal Unspecified HTTP Response Splitting (PM85071)

low Nessus Plugin ID 73386

Synopsis

The remote Windows host has web portal software installed that is affected by an HTTP response splitting vulnerability.

Description

The version of WebSphere Portal on the remote host is affected by an HTTP response splitting vulnerability. An attacker could inject additional HTTP headers into the server's response in order to manipulate cookies.

Solution

IBM has published APAR PM85071. This fix is included in 6.1.0.x / 6.1.5.x CF26 / 7.0.0.2 CF21 / 8.0.0.x CF05. Refer to IBM's advisory for more information or a workaround.

See Also

http://www.nessus.org/u?65a35990

https://www-304.ibm.com/support/docview.wss?uid=swg21638864

Plugin Details

Severity: Low

ID: 73386

File Name: websphere_portal_cve-2013-2950.nasl

Version: 1.5

Type: local

Family: CGI abuses

Published: 4/7/2014

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:ibm:websphere_portal

Required KB Items: Settings/ParanoidReport, installed_sw/IBM WebSphere Portal

Exploit Ease: No exploit is required

Patch Publication Date: 5/28/2013

Vulnerability Publication Date: 5/28/2013

Reference Information

CVE: CVE-2013-2950

BID: 60201