IBM WebSphere Portal 6.1.0.x < 6.1.0.6 CF27 Multiple Vulnerabilities

medium Nessus Plugin ID 78739

Synopsis

The remote Windows host has web portal software installed that is affected by multiple vulnerabilities.

Description

The version of IBM WebSphere Portal installed on the remote host is 6.1.0.x prior 6.1.0.6 CF27. It is, therefore, affected by multiple vulnerabilities :

- A cross-site scripting vulnerability exists in the 'boot_config.jsp' script due to improper validation of user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the security context of a user's browser to steal authentication cookies.
(CVE-2014-0952)

- An unspecified cross-site scripting vulnerability exists due to improper validation of user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the security context of a user's web browser to steal authentication cookies. (CVE-2014-0956)

- An unspecified vulnerability exists that allows an authenticated attacker to execute arbitrary code on the system. (CVE-2014-4808)

- A flaw exists due to improper recursion detection during entity expansion. A remote attacker, via a specially crafted XML document, can cause the system to crash, resulting in a denial of service. (CVE-2014-4814)

- An information disclosure vulnerability exists that allows a remote attacker to identify whether or not a file exists based on the web server error codes.
(CVE-2014-4821)

- An unspecified reflected cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw using a specially crafted URL to execute arbitrary script code in a user's web browser within the security context of the hosting website. This allows an attacker to steal a user's cookie-based authentication credentials. (CVE-2014-6215)

- An unspecified reflected cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw using a specially crafted URL to execute arbitrary script code in a user's web browser within the security context of the hosting website. This allows an attacker to steal a user's cookie-based authentication credentials. (CVE-2014-8909)

- An unspecified flaw exists that is trigged when handling Portal requests. A remote attacker can exploit this to cause a consumption of CPU resources, resulting in a denial of service condition. (CVE-2015-1943)

- An unspecified reflected cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw using a specially crafted URL to execute arbitrary script code in a user's web browser within the security context of the hosting website. This allows an attacker to steal a user's cookie-based authentication credentials. (CVE-2016-2925)

Solution

Upgrade to IBM WebSphere Portal 6.1.0.6 Cumulative Fix 27 (CF27) or later.

See Also

https://www-304.ibm.com/support/docview.wss?uid=swg21684651

http://www.nessus.org/u?2e77e115

https://www-01.ibm.com/support/docview.wss?uid=swg21672572

Plugin Details

Severity: Medium

ID: 78739

File Name: websphere_portal_6_1_0_6_cf27.nasl

Version: 1.18

Type: local

Family: CGI abuses

Published: 10/30/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:ibm:websphere_portal

Required KB Items: installed_sw/IBM WebSphere Portal

Exploit Ease: No exploit is required

Patch Publication Date: 10/27/2014

Vulnerability Publication Date: 5/13/2014

Reference Information

CVE: CVE-2014-0952, CVE-2014-0956, CVE-2014-4808, CVE-2014-4814, CVE-2014-4821, CVE-2014-6215, CVE-2014-8909, CVE-2015-1943, CVE-2016-2925

BID: 67417, 67419, 70755, 70757, 70758, 71728, 73958

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990