Design/Logic Flaw

2014-05-2211:14:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.8%

JSON

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.

CPENameOperatorVersion
websphere_portaleq7.0.0.1
websphere_portaleq7.0.0.2 cf26
websphere_portaleq7.0.0.2 cf27
websphere_portaleq6.1.5.3 cf27
websphere_portaleq8.0.0.1 cf8
websphere_portaleq8.0.0.1
websphere_portaleq7.0.0.2 cf23
websphere_portaleq7.0.0.1 cf4
websphere_portaleq7.0.0.0
websphere_portaleq8.0.0.0

Name	Operator	Version
websphere_portal	eq	7.0.0.1
websphere_portal	eq	7.0.0.2 cf26
websphere_portal	eq	7.0.0.2 cf27
websphere_portal	eq	6.1.5.3 cf27
websphere_portal	eq	8.0.0.1 cf8
websphere_portal	eq	8.0.0.1
websphere_portal	eq	7.0.0.2 cf23
websphere_portal	eq	7.0.0.1 cf4
websphere_portal	eq	7.0.0.0
websphere_portal	eq	8.0.0.0