Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.WEBSPHERE_PORTAL_7_0_0_2_CF29.NASL
HistoryDec 03, 2014 - 12:00 a.m.

IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities

2014-12-0300:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
44
JSON

The version of IBM WebSphere Portal installed on the remote host is 7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple vulnerabilities :

  • A remote code execution vulnerability exists in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the ‘class’ parameter of an ActionForm object to execute arbitrary code.
    (CVE-2014-0114)

  • A cross-site scripting vulnerability exists which allows a remote, authenticated attacker to inject arbitrary web script or HTML. (CVE-2014-0910)

  • An unspecified denial of service vulnerability exists that allows a remote attacker to crash the host by sending a specially crafted web request to cause a consumption of resources. (CVE-2014-0949)

  • A cross-site scripting vulnerability exists in the ‘boot_config.jsp’ script due to improper validation of user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the security context of a user’s browser to steal authentication cookies.
    (CVE-2014-0952)

  • An unspecified cross-site scripting vulnerability exists due to improper validation of user-supplied input.
    (CVE-2014-0953)

  • A privilege escalation vulnerability exists in the Web Content Viewer portlet due to improper handling of JSP includes. A remote attacker can exploit this issue to obtain sensitive information, cause a denial of service, or control the request dispatcher by sending a specially crafted URL request. (CVE-2014-0954)

  • An unspecified cross-site scripting vulnerability exists due to improper validation of user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the security context of a user’s web browser to steal authentication cookies. (CVE-2014-0956)

  • An unspecified denial of service vulnerability exists that allows an authenticated attacker to cause a successful login to loop back to the login page indefinitely. (CVE-2014-0959)

  • An unspecified information disclosure vulnerability exists which allows a remote attacker to gain access to sensitive information. (CVE-2014-3083)

  • An unspecified cross-site scripting vulnerability exists due to improper validation of user-supplied input. An attacker can exploit this issue to execute arbitrary script code in the security context of a user’s browser. (CVE-2014-3102)

  • An information disclosure vulnerability exists due to the returned error codes which an attacker can use to identify devices behind a firewall. (CVE-2014-4746)

  • An unspecified open redirect vulnerability exists that allows an attacker to perform a phishing attack by enticing a user to click on a malicious URL.
    (CVE-2014-4760)

  • An information disclosure vulnerability exists which allows a remote, authenticated attacker to gain access to sensitive information, such as user credentials, through certain HTML pages. (CVE-2014-4761)

  • An unrestricted file upload vulnerability exists which allows a remote, authenticated attacker to upload large files, potentially resulting in a denial of service.
    (CVE-2014-4792)

  • An unspecified vulnerability exists that allows an authenticated attacker to execute arbitrary code on the system. (CVE-2014-4808)

  • A flaw exists due to improper recursion detection during entity expansion. A remote attacker, via a specially crafted XML document, can cause the system to crash, resulting in a denial of service. (CVE-2014-4814)

  • An information disclosure vulnerability exists that allows a remote attacker to identify whether or not a file exists based on the web server error codes.
    (CVE-2014-4821)

  • An unspecified cross-site scripting vulnerability exists that allows a remote, authenticated attacker to execute arbitrary code via a specially crafted URL.
    (CVE-2014-6093)

  • An unspecified reflected cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw using a specially crafted URL to execute arbitrary script code in a user’s web browser within the security context of the hosting website. This allows an attacker to steal a user’s cookie-based authentication credentials. (CVE-2014-6215)

  • An unspecified reflected cross-site scripting vulnerability exists due to improper validation of user-supplied input. A remote attacker can exploit this flaw using a specially crafted URL to execute arbitrary script code in a user’s web browser within the security context of the hosting website. This allows an attacker to steal a user’s cookie-based authentication credentials. (CVE-2014-8909)

  • An unspecified flaw exists that is trigged when handling Portal requests. A remote attacker can exploit this to cause a consumption of CPU resources, resulting in a denial of service condition. (CVE-2015-1943)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(79691);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");

  script_cve_id(
    "CVE-2014-0114",
    "CVE-2014-0910",
    "CVE-2014-0949",
    "CVE-2014-0952",
    "CVE-2014-0953",
    "CVE-2014-0954",
    "CVE-2014-0956",
    "CVE-2014-0959",
    "CVE-2014-3083",
    "CVE-2014-3102",
    "CVE-2014-4746",
    "CVE-2014-4760",
    "CVE-2014-4761",
    "CVE-2014-4792",
    "CVE-2014-4808",
    "CVE-2014-4814",
    "CVE-2014-4821",
    "CVE-2014-6093",
    "CVE-2014-6215",
    "CVE-2014-8909",
    "CVE-2015-1943"
  );
  script_bugtraq_id(
    67121,
    67413,
    67417,
    67418,
    67419,
    67421,
    68011,
    69042,
    69044,
    69045,
    69047,
    69298,
    69734,
    70322,
    70755,
    70757,
    70758,
    71358,
    71728,
    73958
  );

  script_name(english:"IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities");
  script_summary(english:"Checks for the installed patch.");

  script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has web portal software installed that is
affected by multiple vulnerabilities.");
  script_set_attribute(attribute:"description", value:
"The version of IBM WebSphere Portal installed on the remote host is
7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple
vulnerabilities :

  - A remote code execution vulnerability exists in the
    Apache Struts ClassLoader. A remote attacker can exploit
    this issue by manipulating the 'class' parameter of an
    ActionForm object to execute arbitrary code.
    (CVE-2014-0114)

  - A cross-site scripting vulnerability exists which allows
    a remote, authenticated attacker to inject arbitrary
    web script or HTML. (CVE-2014-0910)

  - An unspecified denial of service vulnerability exists
    that allows a remote attacker to crash the host by
    sending a specially crafted web request to cause a
    consumption of resources. (CVE-2014-0949)

  - A cross-site scripting vulnerability exists in the
    'boot_config.jsp' script due to improper validation of
    user-supplied input. An attacker can exploit this issue
    to execute arbitrary script code in the security context
    of a user's browser to steal authentication cookies.
    (CVE-2014-0952)

  - An unspecified cross-site scripting vulnerability exists
    due to improper validation of user-supplied input.
    (CVE-2014-0953)

  - A privilege escalation vulnerability exists in the Web
    Content Viewer portlet due to improper handling of JSP
    includes. A remote attacker can exploit this issue to
    obtain sensitive information, cause a denial of service,
    or control the request dispatcher by sending a specially
    crafted URL request. (CVE-2014-0954)

  - An unspecified cross-site scripting vulnerability exists
    due to improper validation of user-supplied input. An
    attacker can exploit this issue to execute arbitrary
    script code in the security context of a user's web
    browser to steal authentication cookies. (CVE-2014-0956)

  - An unspecified denial of service vulnerability exists
    that allows an authenticated attacker to cause a
    successful login to loop back to the login page
    indefinitely. (CVE-2014-0959)

  - An unspecified information disclosure vulnerability
    exists which allows a remote attacker to gain access to
    sensitive information. (CVE-2014-3083)

  - An unspecified cross-site scripting vulnerability
    exists due to improper validation of user-supplied
    input. An attacker can exploit this issue to execute
    arbitrary script code in the security context of a
    user's browser. (CVE-2014-3102)

  - An information disclosure vulnerability exists due to
    the returned error codes which an attacker can use to
    identify devices behind a firewall. (CVE-2014-4746)

  - An unspecified open redirect vulnerability exists that
    allows an attacker to perform a phishing attack by
    enticing a user to click on a malicious URL.
    (CVE-2014-4760)

  - An information disclosure vulnerability exists which
    allows a remote, authenticated attacker to gain access
    to sensitive information, such as user credentials,
    through certain HTML pages. (CVE-2014-4761)

  - An unrestricted file upload vulnerability exists which
    allows a remote, authenticated attacker to upload large
    files, potentially resulting in a denial of service.
    (CVE-2014-4792)

  - An unspecified vulnerability exists that allows an
    authenticated attacker to execute arbitrary code on the
    system. (CVE-2014-4808)

  - A flaw exists due to improper recursion detection during
    entity expansion. A remote attacker, via a specially
    crafted XML document, can cause the system to crash,
    resulting in a denial of service. (CVE-2014-4814)

  - An information disclosure vulnerability exists that
    allows a remote attacker to identify whether or not a
    file exists based on the web server error codes.
    (CVE-2014-4821)

  - An unspecified cross-site scripting vulnerability exists
    that allows a remote, authenticated attacker to execute
    arbitrary code via a specially crafted URL.
    (CVE-2014-6093)

  - An unspecified reflected cross-site scripting
    vulnerability exists due to improper validation of
    user-supplied input. A remote attacker can exploit this
    flaw using a specially crafted URL to execute arbitrary
    script code in a user's web browser within the security
    context of the hosting website. This allows an attacker
    to steal a user's cookie-based authentication
    credentials. (CVE-2014-6215)

  - An unspecified reflected cross-site scripting
    vulnerability exists due to improper validation of
    user-supplied input. A remote attacker can exploit this
    flaw using a specially crafted URL to execute arbitrary
    script code in a user's web browser within the security
    context of the hosting website. This allows an attacker
    to steal a user's cookie-based authentication
    credentials. (CVE-2014-8909)

  - An unspecified flaw exists that is trigged when handling
    Portal requests. A remote attacker can exploit this to
    cause a consumption of CPU resources, resulting in a
    denial of service condition. (CVE-2015-1943)");
  script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672572");
  # http://www-01.ibm.com/support/docview.wss?uid=swg24029452#CF029
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2a808243");
  script_set_attribute(attribute:"solution", value:
"Upgrade to IBM WebSphere Portal 7.0.0.2 Cumulative Fix 29 (CF29) or
later.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");

  script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/11/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("websphere_portal_installed.nbin");
  script_require_keys("installed_sw/IBM WebSphere Portal");

  exit(0);
}

include("websphere_portal_version.inc");

websphere_portal_check_version(
  ranges:make_list("7.0.0.0, 7.0.0.2"),
  fix:"CF29",
  severity:SECURITY_HOLE,
  xss:TRUE
);
VendorProductVersionCPE
ibmwebsphere_portalcpe:/a:ibm:websphere_portal

References

Related

nessus 39
prion 24
cve 23
ibm 65
exploitpack 1
packetstorm 2
zdt 1
openvas 12
securityvulns 2
redhat 6
debian 2
ubuntucve 1
oraclelinux 2
suse 1
fedora 1
mageia 1
checkpoint_advisories 1
osv 4
centos 1
jvn 2
f5 2
debiancve 1
github 1
gentoo 1
exploitdb 1
redhatcve 1
ubuntu 1
nessus
nessus
IBM WebSphere Portal 6.1.5.x < 6.1.5.3 CF27 Multiple Vulnerabilities
2014-10-30 00:00:00
IBM WebSphere Portal 6.1.0.x < 6.1.0.6 CF27 Multiple Vulnerabilities
2014-10-30 00:00:00
IBM WebSphere Portal 8.5.0 < 8.5.0 CF02 Multiple Vulnerabilities
2014-11-12 00:00:00
prion
prion
Design/Logic Flaw
2014-08-12 05:01:00
Cross site scripting
2014-12-11 23:59:00
Cross site scripting
2014-11-26 02:59:00
cve
cve
CVE-2014-4746
2014-08-12 05:01:00
CVE-2014-8909
2015-02-13 02:59:00
CVE-2014-6215
2014-12-11 23:59:00
ibm
ibm
Security Bulletin: varying error codes allows detection of existing systems behind firewall
2018-06-15 07:02:14
Security Bulletin: Security vulnerabilities have been identified in IBM WebSphere Enterprise Service Bus shipped with WebSphere Remote Server (CVE-2014-4746)
2018-06-15 07:02:45
Security Bulletin: Security Vulnerability in Portlet Container
2020-02-05 00:09:48
exploitpack
exploitpack
IBM Websphere Portal - Persistent Cross-Site Scripting
2015-05-07 00:00:00
packetstorm
packetstorm
IBM WebSphere Portal 7.0 / 6.1.5 / 6.1.0 Cross Site Scripting
2015-05-07 00:00:00
OSCAR EMR 15.21beta361 XSS / Disclosure / CSRF / Insecure Direct Object Reference
2018-08-23 00:00:00
zdt
zdt
IBM WebSphere Portal Stored Cross-Site Scripting Vulnerability
2015-05-24 00:00:00
openvas
openvas
IBM Websphere Application Server Information Disclosure Vulnerability-03 (Mar 2016)
2016-03-03 00:00:00
RedHat Update for struts RHSA-2014:0474-01
2014-05-12 00:00:00
RedHat Update for struts RHSA-2014:0474-01
2014-05-12 00:00:00
securityvulns
securityvulns
Apache commons-beanutils code exeuction
2014-06-17 00:00:00
[oss-security] CVE request for commons-beanutils: &#39;class&#39; property is exposed, potentially leading to RCE
2014-06-17 00:00:00
redhat
redhat
(RHSA-2014:0500) Important: struts security update
2014-05-14 00:00:00
(RHSA-2014:0474) Important: struts security update
2014-05-07 00:00:00
(RHSA-2014:0497) Important: Red Hat JBoss Fuse 6.1.0 security update
2014-05-14 18:02:20
debian
debian
[SECURITY] [DSA 2940-1] libstruts1.2-java security update
2014-08-21 06:39:48
[SECURITY] [DLA 57-1] libstruts1.2-java security update
2014-09-17 12:59:07
ubuntucve
ubuntucve
CVE-2014-0114
2014-04-30 00:00:00
oraclelinux
oraclelinux
struts security update
2014-05-06 00:00:00
apache-commons-beanutils security update
2020-01-22 00:00:00
suse
suse
Security update for struts (important)
2014-07-16 01:10:20
fedora
fedora
[SECURITY] Fedora 20 Update: struts-1.3.10-10.fc20
2014-08-23 02:00:36
mageia
mageia
Updated struts packages fix CVE-2014-0114
2014-05-15 02:13:20
checkpoint_advisories
checkpoint_advisories
Apache Struts ActionForm ClassLoader Security Bypass (CVE-2014-0114)
2014-05-18 00:00:00
osv
osv
Arbitrary code execution in Apache Commons BeanUtils
2020-06-10 23:38:01
libstruts1.2-java - security update
2014-08-21 00:00:00
libstruts1.2-java - security update
2014-09-17 00:00:00
centos
centos
struts security update
2014-05-07 14:04:43
jvn
jvn
JVN#30962312: TERASOLUNA Server Framework for Java(Web) vulnerable to ClassLoader manipulation
2014-06-17 00:00:00
JVN#19118282: Seasar S2Struts vulnerable to ClassLoader manipulation
2014-07-15 00:00:00
f5
f5
K15282 : Apache Struts vulnerability CVE-2014-0114
2014-10-20 00:00:00
SOL15282 - Apache Struts vulnerability CVE-2014-0114
2014-05-19 00:00:00
debiancve
debiancve
CVE-2014-0114
2014-04-30 10:49:00
github
github
Arbitrary code execution in Apache Commons BeanUtils
2020-06-10 23:38:01
gentoo
gentoo
Commons-BeanUtils: Arbitrary code execution
2016-07-20 00:00:00
exploitdb
exploitdb
IBM Websphere Portal - Persistent Cross-Site Scripting
2015-05-07 00:00:00
redhatcve
redhatcve
CVE-2019-3834
2019-10-02 20:20:56
ubuntu
ubuntu
Apache Commons BeanUtils vulnerabilities
2021-03-15 00:00:00
JSON
Related for WEBSPHERE_PORTAL_7_0_0_2_CF29.NASL
nessus39prion24cve23ibm65exploitpack1packetstorm2zdt1openvas12securityvulns2redhat6debian2ubuntucve1oraclelinux2suse1fedora1mageia1checkpoint_advisories1osv4centos1jvn2f52debiancve1github1gentoo1exploitdb1redhatcve1ubuntu1