IBM WebSphere Portal Apache Commons FileUpload DoS

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has web portal software installed that is
affected by a denial of service vulnerability.

Description :

The version of IBM WebSphere Portal on the remote host is affected by
a denial of service vulnerability in the Apache Commons FileUpload
library that allows an attacker to cause the application to enter an
infinite loop.

See also :

http://www-01.ibm.com/support/docview.wss?uid=swg21672575
http://www-01.ibm.com/support/docview.wss?uid=swg24029452#CF028
http://www-01.ibm.com/support/docview.wss?uid=swg24034497#CF12
http://www.nessus.org/u?12fd87aa

Solution :

For 6.1.x, first upgrade to either Fix Pack 6.1.0.6 CF27 or Fix Pack
6.1.5.3 CF27, then apply Interim Fixes PI14025, PI14027, PI14028,
PI14029, PI14086, PI14150, PI14812, PI15187, and PI17908.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 4.3
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 74293

Bugtraq ID: 65400

CVE ID: CVE-2014-0050