Synopsis
The remote Windows host has web portal software installed that is affected by multiple vulnerabilities.
Description
The version of IBM WebSphere Portal installed on the remote host is affected by the multiple vulnerabilities :
- Multiple vulnerabilities exist in the Apache Cordova component, including cross-application scripting, security bypass, and information disclosure.
(CVE-2014-3500, CVE-2014-3501, CVE-2014-3502)
- An information disclosure flaw exists that allows remote authenticated attackers to obtain credentials by reading HTML source code. (CVE-2014-4761)
- An unspecified vulnerability exists that allows an authenticated attacker to execute arbitrary code on the system. (CVE-2014-4808)
- A flaw exists that is caused by improper recursion detection during entity expansion. By tricking a user into opening a specially-crafted XML document, an attacker can cause the system to crash, resulting in a denial of service. (CVE-2014-4814)
- An information disclosure vulnerability exists that allows a remote attacker to identify whether or not a file exists based on the web server error codes.
(CVE-2014-4821)
- A flaw exists in CKEditor in the Preview plugin that allows a cross-site scripting attack. The flaw exists due to 'plugins/preview/preview.html' not properly validating user-supplied input before returning it to users. This allows an attacker to send a specially crafted request designed to steal cookie-based authentication credentials. (CVE-2014-5191)
- A cross-site request forgery vulnerability exists due to improper validation of user-supplied input. By tricking a user into visiting a malicious website, a remote attacker can perform cross-site scripting attacks, web cache poisoning, and other malicious activities. (CVE-2014-6125)
- A cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can execute code within a victim's web browser within the context of the hosted site. This can lead to the compromise of the user's cookie-based authentication credentials. (CVE-2014-6126)
- An unspecified cross-site scripting vulnerability exists due to improper validation of user input.
(CVE-2014-4762)
Solution
IBM has published a cumulative fix (CF03) for WebSphere Portal 8.5.0.
Refer to IBM's advisory for more information.
Plugin Details
File Name: websphere_portal_8_5_0_0_cf03.nasl
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:ibm:websphere_portal
Required KB Items: installed_sw/IBM WebSphere Portal
Exploit Ease: No exploit is required
Patch Publication Date: 10/27/2014
Vulnerability Publication Date: 10/24/2014
Reference Information
CVE: CVE-2014-3500, CVE-2014-3501, CVE-2014-3502, CVE-2014-4761, CVE-2014-4808, CVE-2014-4814, CVE-2014-4821, CVE-2014-5191, CVE-2014-6125, CVE-2014-6126, CVE-2014-6215
BID: 69038, 69041, 69046, 69161, 70322, 70755, 70756, 70757, 70758, 70759, 71728
CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990