IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, 8.0 through 8.0.0.1 CF14, and 8.5.0 before CF03 does not properly detect recursion during entity expansion, which allows remote authenticated users to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.

The version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF15. It is, therefore, affected by multiple vulnerabilities :

  - A flaw exists in 'Apache Commons HttpClient' that allows     a man-in-the-middle attacker to spoof SSL servers via a     certificate with a subject that specifies a common name     in a field that is not the CN field. (CVE-2012-6153)

  - A flaw exists in 'Apache HttpComponents' that allows a     man-in-the-middle attacker to spoof SSL servers via a     certificate with a subject that specifies a common name     in a field that is not the CN field. (CVE-2014-3577)

  - An unspecified vulnerability exists that allows an     authenticated attacker to execute arbitrary code on the     system. (CVE-2014-4808)

  - A flaw exists due to improper recursion detection during     entity expansion. A remote attacker, via a specially     crafted XML document, can cause the system to crash,     resulting in a denial of service. (CVE-2014-4814)

  - An information disclosure vulnerability exists that     allows a remote attacker to identify whether or not a     file exists based on the web server error codes.
    (CVE-2014-4821)

  - A cross-site scripting vulnerability exists in the     'Preview' plugin in CKEditor, which allows a remote     attacker to inject arbitrary data via unspecified     vectors. (CVE-2014-5191)

  - A cross-site scripting vulnerability exists that allows     an attacker to inject arbitrary web script or HTML via a     specially crafted URL. (CVE-2014-6171)

  - A flaw exists when the Managed Pages setting is enabled     that allows a remote, authenticated attacker to write to     pages via an XML injection attack. (CVE-2014-6193)

  - A cross-site scripting vulnerability exists in the Blog     Portlet, which allows an attacker to inject arbitrary     data via a specially crafted URL. (CVE-2014-8902)

The version of IBM WebSphere Portal installed on the remote host is 7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple vulnerabilities :

  - A remote code execution vulnerability exists in the     Apache Struts ClassLoader. A remote attacker can exploit     this issue by manipulating the 'class' parameter of an     ActionForm object to execute arbitrary code.
    (CVE-2014-0114)

  - A cross-site scripting vulnerability exists which allows     a remote, authenticated attacker to inject arbitrary     web script or HTML. (CVE-2014-0910)

  - An unspecified denial of service vulnerability exists     that allows a remote attacker to crash the host by     sending a specially crafted web request to cause a     consumption of resources. (CVE-2014-0949)

  - A cross-site scripting vulnerability exists in the     'boot_config.jsp' script due to improper validation of     user-supplied input. An attacker can exploit this issue     to execute arbitrary script code in the security context     of a user's browser to steal authentication cookies.
    (CVE-2014-0952)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user-supplied input.
    (CVE-2014-0953)

  - A privilege escalation vulnerability exists in the Web     Content Viewer portlet due to improper handling of JSP     includes. A remote attacker can exploit this issue to     obtain sensitive information, cause a denial of service,     or control the request dispatcher by sending a specially     crafted URL request. (CVE-2014-0954)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user-supplied input. An     attacker can exploit this issue to execute arbitrary     script code in the security context of a user's web     browser to steal authentication cookies. (CVE-2014-0956)

  - An unspecified denial of service vulnerability exists     that allows an authenticated attacker to cause a     successful login to loop back to the login page     indefinitely. (CVE-2014-0959)

  - An unspecified information disclosure vulnerability     exists which allows a remote attacker to gain access to     sensitive information. (CVE-2014-3083)

  - An unspecified cross-site scripting vulnerability     exists due to improper validation of user-supplied     input. An attacker can exploit this issue to execute     arbitrary script code in the security context of a     user's browser. (CVE-2014-3102)

  - An information disclosure vulnerability exists due to     the returned error codes which an attacker can use to     identify devices behind a firewall. (CVE-2014-4746)

  - An unspecified open redirect vulnerability exists that     allows an attacker to perform a phishing attack by     enticing a user to click on a malicious URL.
    (CVE-2014-4760)

  - An information disclosure vulnerability exists which     allows a remote, authenticated attacker to gain access     to sensitive information, such as user credentials,     through certain HTML pages. (CVE-2014-4761)

  - An unrestricted file upload vulnerability exists which     allows a remote, authenticated attacker to upload large     files, potentially resulting in a denial of service.
    (CVE-2014-4792)

  - An unspecified vulnerability exists that allows an     authenticated attacker to execute arbitrary code on the     system. (CVE-2014-4808)

  - A flaw exists due to improper recursion detection during     entity expansion. A remote attacker, via a specially     crafted XML document, can cause the system to crash,     resulting in a denial of service. (CVE-2014-4814)

  - An information disclosure vulnerability exists that     allows a remote attacker to identify whether or not a     file exists based on the web server error codes.
    (CVE-2014-4821)

  - An unspecified cross-site scripting vulnerability exists     that allows a remote, authenticated attacker to execute     arbitrary code via a specially crafted URL.
    (CVE-2014-6093)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2014-6215)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2014-8909)

  - An unspecified flaw exists that is trigged when handling     Portal requests. A remote attacker can exploit this to     cause a consumption of CPU resources, resulting in a     denial of service condition. (CVE-2015-1943)

The version of IBM WebSphere Portal installed on the remote host is affected by a denial of service vulnerability. A flaw exists that is caused by improper recursion detection during entity expansion. By tricking a user into opening a specially crafted XML document, an attacker can cause the system to crash, resulting in a denial of service.

The version of IBM WebSphere Portal installed on the remote host is affected by the multiple vulnerabilities :

  - Multiple vulnerabilities exist in the Apache Cordova     component, including cross-application scripting,     security bypass, and information disclosure.
    (CVE-2014-3500, CVE-2014-3501, CVE-2014-3502)

  - An information disclosure flaw exists that allows     remote authenticated attackers to obtain credentials     by reading HTML source code. (CVE-2014-4761)

  - An unspecified vulnerability exists that allows an     authenticated attacker to execute arbitrary code on the     system. (CVE-2014-4808)

  - A flaw exists that is caused by improper recursion     detection during entity expansion. By tricking a user     into opening a specially-crafted XML document, an     attacker can cause the system to crash, resulting in a     denial of service. (CVE-2014-4814)

  - An information disclosure vulnerability exists that     allows a remote attacker to identify whether or not a     file exists based on the web server error codes.
    (CVE-2014-4821)

  - A flaw exists in CKEditor in the Preview plugin that     allows a cross-site scripting attack. The flaw exists     due to 'plugins/preview/preview.html' not properly     validating user-supplied input before returning it to     users. This allows an attacker to send a specially     crafted request designed to steal cookie-based     authentication credentials. (CVE-2014-5191)

  - A cross-site request forgery vulnerability exists due     to improper validation of user-supplied input. By     tricking a user into visiting a malicious website, a     remote attacker can perform cross-site scripting     attacks, web cache poisoning, and other malicious     activities. (CVE-2014-6125)

  - A cross-site scripting vulnerability exists due to     improper validation of user-supplied input. A remote     attacker can execute code within a victim's web browser     within the context of the hosted site. This can lead to     the compromise of the user's cookie-based authentication     credentials. (CVE-2014-6126)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user input.
    (CVE-2014-4762)

The version of IBM WebSphere Portal installed on the remote host is 6.1.5.x prior to 6.1.5.3 CF27. It is, therefore, affected by multiple vulnerabilities :

  - A cross-site scripting vulnerability exists in the     'boot_config.jsp' script due to improper validation of     user-supplied input. An attacker can exploit this issue     to execute arbitrary script code in the security context     of a user's browser to steal authentication cookies.
    (CVE-2014-0952)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user-supplied input. An     attacker can exploit this issue to execute arbitrary     script code in the security context of a user's web     browser to steal authentication cookies. (CVE-2014-0956)

  - An unspecified vulnerability exists that allows an     authenticated attacker to execute arbitrary code on the     system. (CVE-2014-4808)

  - A flaw exists due to improper recursion detection during     entity expansion. A remote attacker, via a specially     crafted XML document, can cause the system to crash,     resulting in a denial of service. (CVE-2014-4814)

  - An information disclosure vulnerability exists that     allows a remote attacker to identify whether or not a     file exists based on the web server error codes.
    (CVE-2014-4821)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2014-6215)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2014-8909)

  - An unspecified flaw exists that is trigged when handling     Portal requests. A remote attacker can exploit this to     cause a consumption of CPU resources, resulting in a     denial of service condition. (CVE-2015-1943)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2016-2925)

The version of IBM WebSphere Portal installed on the remote host is 6.1.0.x prior 6.1.0.6 CF27. It is, therefore, affected by multiple vulnerabilities :

  - A cross-site scripting vulnerability exists in the     'boot_config.jsp' script due to improper validation of     user-supplied input. An attacker can exploit this issue     to execute arbitrary script code in the security context     of a user's browser to steal authentication cookies.
    (CVE-2014-0952)

  - An unspecified cross-site scripting vulnerability exists     due to improper validation of user-supplied input. An     attacker can exploit this issue to execute arbitrary     script code in the security context of a user's web     browser to steal authentication cookies. (CVE-2014-0956)

  - An unspecified vulnerability exists that allows an     authenticated attacker to execute arbitrary code on the     system. (CVE-2014-4808)

  - A flaw exists due to improper recursion detection during     entity expansion. A remote attacker, via a specially     crafted XML document, can cause the system to crash,     resulting in a denial of service. (CVE-2014-4814)

  - An information disclosure vulnerability exists that     allows a remote attacker to identify whether or not a     file exists based on the web server error codes.
    (CVE-2014-4821)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2014-6215)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2014-8909)

  - An unspecified flaw exists that is trigged when handling     Portal requests. A remote attacker can exploit this to     cause a consumption of CPU resources, resulting in a     denial of service condition. (CVE-2015-1943)

  - An unspecified reflected cross-site scripting     vulnerability exists due to improper validation of     user-supplied input. A remote attacker can exploit this     flaw using a specially crafted URL to execute arbitrary     script code in a user's web browser within the security     context of the hosting website. This allows an attacker     to steal a user's cookie-based authentication     credentials. (CVE-2016-2925)

ID	Name	Product	Family	Severity
82850	IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF15 Multiple Vulnerabilities	Nessus	CGI abuses	medium
79691	IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities	Nessus	CGI abuses	high
78744	IBM WebSphere Portal Entity Expansion DoS (PI24622)	Nessus	CGI abuses	low
78742	IBM WebSphere Portal 8.5.0 < 8.5.0 CF03 Multiple Vulnerabilities	Nessus	CGI abuses	medium
78740	IBM WebSphere Portal 6.1.5.x < 6.1.5.3 CF27 Multiple Vulnerabilities	Nessus	CGI abuses	medium
78739	IBM WebSphere Portal 6.1.0.x < 6.1.0.6 CF27 Multiple Vulnerabilities	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2014-4814

medium

Tenable Plugins

medium

high

low

medium

medium

medium