IBM WebSphere Portal Entity Expansion DoS (PI24622)

Low severity, Nessus Plugin ID 78744

Synopsis

The remote Windows host has web portal software installed that is affected by a denial of service vulnerability.

Description

The version of IBM WebSphere Portal installed on the remote host is affected by a denial of service vulnerability caused by improper recursion detection during XML entity expansion. By tricking a user into opening a specially crafted XML document, an attacker can cause the system to crash, resulting in a denial of service.

Solution

IBM has published Interim Fix PI24622. Refer to IBM's advisory for more information.

See Also

https://www-304.ibm.com/support/docview.wss?uid=swg21684651

Plugin Details

Severity: Low

ID: 78744

File Name: websphere_portal_cve-2014-4814.nasl

Version: 1.7

Type: local

Family: CGI abuses

Published: 10/30/2014

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:N/A:P

Vulnerability Information

CPE: cpe:/a:ibm:websphere_portal

Required KB Items: installed_sw/IBM WebSphere Portal

Exploit Ease: No exploit is required

Patch Publication Date: 10/27/2014

Vulnerability Publication Date: 10/24/2014

Reference Information

CVE: CVE-2014-4814

BID: 70758