IBM WebSphere Portal Outside In Technology Multiple Overflows (PI07290)

Severity: Low, Nessus Plugin ID 73499

Synopsis

The remote Windows host has web portal software installed that is affected by multiple remote code execution vulnerabilities.

Description

The version of IBM WebSphere Portal on the remote host is affected by multiple remote code execution vulnerabilities in the Outside In Technology component:

- A stack overflow in the Filters subcomponent of the OS/2 Metafile Parser. (CVE-2013-5763)

- A stack overflow in the Microsoft Access database file format parser. (CVE-2013-5791)

A remote attacker can use specially crafted files to cause a buffer overflow and execute arbitrary code.

Solution

IBM has published Interim Fix PI07290. This fix is included in 7.0.0.2 CF27 and 8.0.0.1 CF10. Refer to IBM's advisory for more information.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21660640

http://xforce.iss.net/xforce/xfdb/87925

http://xforce.iss.net/xforce/xfdb/88557

Plugin Details

Severity: Low

ID: 73499

File Name: websphere_portal_cve-2013-5791.nasl

Version: 1.8

Type: local

Family: CGI abuses

Published: 4/14/2014

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.1

CVSS v2

Risk Factor: Low

Base Score: 1.5

Temporal Score: 1.2

Vector: CVSS2#AV:L/AC:M/Au:S/C:N/I:N/A:P

CVSS Score Source: CVE-2013-5791

Vulnerability Information

CPE: cpe:/a:ibm:websphere_portal

Required KB Items: Settings/ParanoidReport, installed_sw/IBM WebSphere Portal

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 10/15/2013

Vulnerability Publication Date: 10/15/2013

Exploitable With

Core Impact

Reference Information

CVE: CVE-2013-5763, CVE-2013-5791

BID: 63076, 63741

CERT: 953241