Detections
Analytics
IBM WebSphere Portal 8.x < 8.0.0.1 CF13 Multiple Vulnerabilities
medium Nessus Plugin ID 77533
Language:
Synopsis
The remote Windows host has web portal software installed that is affected by multiple vulnerabilities.Description
The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities :- An information disclosure vulnerability exists in the HttpClient component of the Apache HttpComponents library. An attacker can exploit this issue by sending a Proxy-Authorization header to retrieve a user's password. (CVE-2011-1498)
- An unspecified cross-site scripting vulnerability exists due to improper validation of user input. An attacker can exploit this issue to execute code in the security context of a user's browser.
(CVE-2014-3102)
- An information disclosure vulnerability exists due to the returned error codes which an attacker can use to identify devices behind a firewall. (CVE-2014-4746)
- An unspecified open redirect vulnerability exists that can allow an attacker to perform a phishing attack by enticing a user to click on a malicious URL.
(CVE-2014-4760)
Solution
IBM has published a cumulative fix for WebSphere Portal 8.0.0.1 (CF13). Refer to IBM's advisory for more information.See Also
https://www-304.ibm.com/support/docview.wss?uid=swg21676776
http://www.nessus.org/u?4c0df724
Plugin Details
Severity: Medium
ID: 77533
File Name: websphere_portal_8_0_0_1_cf13.nasl
Version: 1.6
Type: local
Family: CGI abuses
Published: 9/5/2014
Updated: 1/19/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.0
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS Score Source: CVE-2014-4760
Vulnerability Information
CPE: cpe:/a:ibm:websphere_portal
Required KB Items: installed_sw/IBM WebSphere Portal
Exploit Ease: No exploit is required
Patch Publication Date: 7/29/2014
Vulnerability Publication Date: 7/7/2011
Reference Information
CVE: CVE-2011-1498, CVE-2014-3102, CVE-2014-4746, CVE-2014-4760