IBM WebSphere Portal Unspecified DoS (PI50952)

high Nessus Plugin ID 86997

Synopsis

The remote Windows host has web portal software installed that is affected by a denial of service vulnerability.

Description

The version of IBM WebSphere Portal installed on the Windows remote host is affected by an unspecified flaw. An unauthenticated, remote attacker can exploit this, via a crafted request, to cause excessive memory consumption, resulting in a denial of service. No other details are available.

Note that hosts with Cumulative Fixes for WebSphere Portal 8.0.0.1 prior to CF13 are not affected.

Solution

Upgrade to IBM WebSphere Portal version 8.5.0 CF08 / 8.0.0.1 CF18 with interim fix PI50952.

See Also

http://www-01.ibm.com/support/docview.wss?uid=swg21969906

Plugin Details

Severity: High

ID: 86997

File Name: websphere_portal_cve-2015-7419.nasl

Version: 1.7

Type: local

Family: CGI abuses

Published: 11/20/2015

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/a:ibm:websphere_portal

Required KB Items: installed_sw/IBM WebSphere Portal

Exploit Ease: No exploit is required

Patch Publication Date: 11/9/2015

Vulnerability Publication Date: 11/9/2015

Reference Information

CVE: CVE-2015-7419

BID: 77563