Vulnerabilities > CVE-2014-0949 - Resource Management Errors vulnerability in IBM Websphere Portal

047910
CVSS v2 base score 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
ibm
CWE-399
nessus

Summary

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request.

Common Weakness Enumeration (CWE)

Nessus

  • NASL family: CGI abuses
    NASL id: WEBSPHERE_PORTAL_CVE-2014-0949.NASL
    description: The version of IBM WebSphere Portal on the remote host is affected by an unspecified denial of service vulnerability that allows a remote attacker to crash the host by sending a specially crafted web request.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74157
    published: 2014-05-23
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74157
    title: IBM WebSphere Portal Unspecified DoS (PI15692)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: taken only when `description` is true. It declares the
    # plugin's identity, advisory text, scoring and scheduling requirements, then
    # exits, so the version check that follows this block is not reached here.
    if (description)
    {
      # Plugin identity and revision stamp.
      script_id(74157);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/26");
    
      # Single-issue plugin: one CVE and one Bugtraq ID are registered.
      script_cve_id("CVE-2014-0949");
      script_bugtraq_id(67413);
    
      script_name(english:"IBM WebSphere Portal Unspecified DoS (PI15692)");
      script_summary(english:"Checks for installed patches.");
    
      # NOTE(review): the synopsis says "Windows host", yet the only prerequisite
      # declared below is the "installed_sw/IBM WebSphere Portal" key -- confirm
      # whether the detection dependency is Windows-only.
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has web portal software installed that is
    affected by a denial of service vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of IBM WebSphere Portal on the remote host is affected by
    an unspecified denial of service vulnerability that allows a remote
    attacker to crash the host by sending a specially crafted web request.");
      # Vendor and third-party references shown in the report.
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672572");
      # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_security_vulnerabilities_in_ibm_websphere_portal_multiple_cves?lang=en_us
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4e5ca5ae");
      script_set_attribute(attribute:"see_also", value:"http://xforce.iss.net/xforce/xfdb/92622");
      # Remediation is an interim fix (PI15692), not a cumulative-fix upgrade.
      script_set_attribute(attribute:"solution", value:
    "IBM has published Interim Fix PI15692. Refer to IBM's advisory for
    more information.");
      # CVSS v2 base: network-reachable, low complexity, no authentication,
      # partial availability impact only (no confidentiality or integrity impact).
      # Temporal: exploitability unproven (E:U), official fix available (RL:OF),
      # report confirmed (RC:C).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      # The score is attributed to the CVE entry itself.
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-0949");
    
      # No public exploit is recorded for this issue.
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Disclosure, patch and plugin release dates as recorded by the plugin author.
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/23");
    
      # Declared as a local check against the WebSphere Portal CPE.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
      script_end_attributes();
    
      # Information-gathering category, filed under the "CGI abuses" family.
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Scheduling prerequisites: the install-detection plugin and the KB key it
      # is expected to set (presumably the plugin is skipped when the key is
      # absent -- confirm against the engine documentation).
      script_dependencies("websphere_portal_installed.nbin");
      script_require_keys("installed_sw/IBM WebSphere Portal");
    
      exit(0);
    }
    
    include("websphere_portal_version.inc");
    
    # The whole check is this one call into the helper from
    # websphere_portal_version.inc (implementation not visible here). Nothing in
    # this script sends the crafted request itself; presumably the helper compares
    # the detected install against the ranges and fix name below -- confirm.
    websphere_portal_check_version(
      # Each entry appears to be "lowest version, highest version, cumulative-fix
      # level"; the exact format is defined by the include -- TODO confirm.
      # NOTE(review): no 8.0.x range is listed although the CVE summary also names
      # 8.0 before 8.0.0.1 CF12; confirm that branch is covered by another plugin.
      ranges:make_list(
        "6.1.0.0, 6.1.0.6, CF27",
        "6.1.5.0, 6.1.5.3, CF27",
        "7.0.0.0, 7.0.0.2, CF28"
      ),
      # Interim fix named in the solution text of this plugin.
      fix:"PI15692",
      # Reported at the warning level rather than SECURITY_HOLE.
      severity:SECURITY_WARNING
    );
    
  • NASL family: CGI abuses
    NASL id: WEBSPHERE_PORTAL_7_0_0_2_CF29.NASL
    description: The version of IBM WebSphere Portal installed on the remote host is 7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the …
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 79691
    published: 2014-12-03
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/79691
    title: IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: taken only when `description` is true. It declares the
    # plugin's identity, advisory text, scoring and scheduling requirements, then
    # exits, so the version check that follows this block is not reached here.
    if (description)
    {
      # Plugin identity and revision stamp.
      script_id(79691);
      script_version("1.18");
      script_cvs_date("Date: 2019/11/25");
    
      # Cumulative-fix plugin: 21 CVE identifiers and 20 Bugtraq IDs are
      # registered, so the two lists are not a one-to-one mapping.
      script_cve_id(
        "CVE-2014-0114",
        "CVE-2014-0910",
        "CVE-2014-0949",
        "CVE-2014-0952",
        "CVE-2014-0953",
        "CVE-2014-0954",
        "CVE-2014-0956",
        "CVE-2014-0959",
        "CVE-2014-3083",
        "CVE-2014-3102",
        "CVE-2014-4746",
        "CVE-2014-4760",
        "CVE-2014-4761",
        "CVE-2014-4792",
        "CVE-2014-4808",
        "CVE-2014-4814",
        "CVE-2014-4821",
        "CVE-2014-6093",
        "CVE-2014-6215",
        "CVE-2014-8909",
        "CVE-2015-1943"
      );
      script_bugtraq_id(
        67121,
        67413,
        67417,
        67418,
        67419,
        67421,
        68011,
        69042,
        69044,
        69045,
        69047,
        69298,
        69734,
        70322,
        70755,
        70757,
        70758,
        71358,
        71728,
        73958
      );
    
      script_name(english:"IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities");
      script_summary(english:"Checks for the installed patch.");
    
      # NOTE(review): the synopsis says "Windows host", yet the only prerequisite
      # declared below is the "installed_sw/IBM WebSphere Portal" key -- confirm
      # whether the detection dependency is Windows-only.
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has web portal software installed that is
    affected by multiple vulnerabilities.");
      # Report text: one bullet per bundled CVE.
      # NOTE(review): "trigged" in the CVE-2015-1943 entry reads as a typo for
      # "triggered"; the text is emitted in reports, so it is left unchanged here.
      script_set_attribute(attribute:"description", value:
    "The version of IBM WebSphere Portal installed on the remote host is
    7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple
    vulnerabilities :
    
      - A remote code execution vulnerability exists in the
        Apache Struts ClassLoader. A remote attacker can exploit
        this issue by manipulating the 'class' parameter of an
        ActionForm object to execute arbitrary code.
        (CVE-2014-0114)
    
      - A cross-site scripting vulnerability exists which allows
        a remote, authenticated attacker to inject arbitrary
        web script or HTML. (CVE-2014-0910)
    
      - An unspecified denial of service vulnerability exists
        that allows a remote attacker to crash the host by
        sending a specially crafted web request to cause a
        consumption of resources. (CVE-2014-0949)
    
      - A cross-site scripting vulnerability exists in the
        'boot_config.jsp' script due to improper validation of
        user-supplied input. An attacker can exploit this issue
        to execute arbitrary script code in the security context
        of a user's browser to steal authentication cookies.
        (CVE-2014-0952)
    
      - An unspecified cross-site scripting vulnerability exists
        due to improper validation of user-supplied input.
        (CVE-2014-0953)
    
      - A privilege escalation vulnerability exists in the Web
        Content Viewer portlet due to improper handling of JSP
        includes. A remote attacker can exploit this issue to
        obtain sensitive information, cause a denial of service,
        or control the request dispatcher by sending a specially
        crafted URL request. (CVE-2014-0954)
    
      - An unspecified cross-site scripting vulnerability exists
        due to improper validation of user-supplied input. An
        attacker can exploit this issue to execute arbitrary
        script code in the security context of a user's web
        browser to steal authentication cookies. (CVE-2014-0956)
    
      - An unspecified denial of service vulnerability exists
        that allows an authenticated attacker to cause a
        successful login to loop back to the login page
        indefinitely. (CVE-2014-0959)
    
      - An unspecified information disclosure vulnerability
        exists which allows a remote attacker to gain access to
        sensitive information. (CVE-2014-3083)
    
      - An unspecified cross-site scripting vulnerability
        exists due to improper validation of user-supplied
        input. An attacker can exploit this issue to execute
        arbitrary script code in the security context of a
        user's browser. (CVE-2014-3102)
    
      - An information disclosure vulnerability exists due to
        the returned error codes which an attacker can use to
        identify devices behind a firewall. (CVE-2014-4746)
    
      - An unspecified open redirect vulnerability exists that
        allows an attacker to perform a phishing attack by
        enticing a user to click on a malicious URL.
        (CVE-2014-4760)
    
      - An information disclosure vulnerability exists which
        allows a remote, authenticated attacker to gain access
        to sensitive information, such as user credentials,
        through certain HTML pages. (CVE-2014-4761)
    
      - An unrestricted file upload vulnerability exists which
        allows a remote, authenticated attacker to upload large
        files, potentially resulting in a denial of service.
        (CVE-2014-4792)
    
      - An unspecified vulnerability exists that allows an
        authenticated attacker to execute arbitrary code on the
        system. (CVE-2014-4808)
    
      - A flaw exists due to improper recursion detection during
        entity expansion. A remote attacker, via a specially
        crafted XML document, can cause the system to crash,
        resulting in a denial of service. (CVE-2014-4814)
    
      - An information disclosure vulnerability exists that
        allows a remote attacker to identify whether or not a
        file exists based on the web server error codes.
        (CVE-2014-4821)
    
      - An unspecified cross-site scripting vulnerability exists
        that allows a remote, authenticated attacker to execute
        arbitrary code via a specially crafted URL.
        (CVE-2014-6093)
    
      - An unspecified reflected cross-site scripting
        vulnerability exists due to improper validation of
        user-supplied input. A remote attacker can exploit this
        flaw using a specially crafted URL to execute arbitrary
        script code in a user's web browser within the security
        context of the hosting website. This allows an attacker
        to steal a user's cookie-based authentication
        credentials. (CVE-2014-6215)
    
      - An unspecified reflected cross-site scripting
        vulnerability exists due to improper validation of
        user-supplied input. A remote attacker can exploit this
        flaw using a specially crafted URL to execute arbitrary
        script code in a user's web browser within the security
        context of the hosting website. This allows an attacker
        to steal a user's cookie-based authentication
        credentials. (CVE-2014-8909)
    
      - An unspecified flaw exists that is trigged when handling
        Portal requests. A remote attacker can exploit this to
        cause a consumption of CPU resources, resulting in a
        denial of service condition. (CVE-2015-1943)");
      # Vendor references shown in the report.
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672572");
      # http://www-01.ibm.com/support/docview.wss?uid=swg24029452#CF029
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2a808243");
      # Remediation is the cumulative-fix upgrade, which bundles all entries above.
      script_set_attribute(attribute:"solution", value:
    "Upgrade to IBM WebSphere Portal 7.0.0.2 Cumulative Fix 29 (CF29) or
    later.");
      # CVSS v2 base: network-reachable, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      # Presumably this reflects the most severe bundled issue, not each CVE
      # (CVE-2014-0949 is described above as denial of service only) -- confirm
      # per-CVE scores before prioritising.
      # Temporal: functional exploit exists (E:F), official fix available (RL:OF),
      # report confirmed (RC:C).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
    
      # The exploit flags are paired with a Metasploit module name that refers to
      # the Struts ClassLoader issue (CVE-2014-0114 in the description); they do
      # not on their own indicate public exploits for the other bundled CVEs.
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Apache Struts ClassLoader Manipulation Remote Code Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      # CWE list: 20 (input validation), 74 (injection) and 79 (XSS) lead the
      # list; the remaining IDs look like CWE category/view entries -- TODO confirm.
      # NOTE(review): no resource-management CWE is listed although several
      # bundled entries are denial-of-service issues.
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      # Disclosure, patch and plugin release dates as recorded by the plugin author.
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/04/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/11/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/03");
    
      # Declared as a local check against the WebSphere Portal CPE.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
      script_end_attributes();
    
      # Information-gathering category, filed under the "CGI abuses" family.
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Scheduling prerequisites: the install-detection plugin and the KB key it
      # is expected to set (presumably the plugin is skipped when the key is
      # absent -- confirm against the engine documentation).
      script_dependencies("websphere_portal_installed.nbin");
      script_require_keys("installed_sw/IBM WebSphere Portal");
    
      exit(0);
    }
    
    include("websphere_portal_version.inc");
    
    # The whole check is this one call into the helper from
    # websphere_portal_version.inc (implementation not visible here). Nothing in
    # this script sends a request to the portal itself; presumably the helper
    # compares the detected install against the range and fix level -- confirm.
    websphere_portal_check_version(
      # Single range, apparently "lowest version, highest version" -- the format
      # is defined by the include, TODO confirm.
      ranges:make_list("7.0.0.0, 7.0.0.2"),
      # Cumulative fix level named in the solution text.
      fix:"CF29",
      # Reported at the highest level used among the plugins on this page.
      severity:SECURITY_HOLE,
      # Presumably marks the finding as XSS-related for reporting -- confirm in
      # the include.
      xss:TRUE
    );
    
  • NASL family: CGI abuses
    NASL id: WEBSPHERE_PORTAL_7_0_0_2_CF28.NASL
    description: The version of IBM WebSphere Portal installed on the remote host is affected by multiple vulnerabilities : - An unspecified denial of service vulnerability exists that allows a remote attacker to crash the host by sending a specially crafted web request. (CVE-2014-0949) - A cross-site scripting (XSS) vulnerability exists in the …
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74155
    published: 2014-05-23
    reporter: This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/74155
    title: IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF28 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: taken only when `description` is true. It declares the
    # plugin's identity, advisory text, scoring and scheduling requirements, then
    # exits, so the version check that follows this block is not reached here.
    if (description)
    {
      # Plugin identity and revision stamp.
      script_id(74155);
      script_version("1.11");
      script_cvs_date("Date: 2018/08/06 14:03:14");
    
      # Three CVEs and three Bugtraq IDs are bundled under this cumulative fix.
      script_cve_id("CVE-2014-0949", "CVE-2014-0951", "CVE-2014-0958");
      script_bugtraq_id(67412, 67413, 67414);
    
      script_name(english:"IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF28 Multiple Vulnerabilities");
      script_summary(english:"Checks for the installed patch.");
    
      # NOTE(review): the synopsis says "Windows host", yet the only prerequisite
      # declared below is the "installed_sw/IBM WebSphere Portal" key -- confirm
      # whether the detection dependency is Windows-only.
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has web portal software installed that is
    affected by multiple vulnerabilities.");
      # Report text: one bullet per bundled CVE.
      script_set_attribute(attribute:"description", value:
    "The version of IBM WebSphere Portal installed on the remote host is
    affected by multiple vulnerabilities :
    
      - An unspecified denial of service vulnerability exists
        that allows a remote attacker to crash the host by
        sending a specially crafted web request. (CVE-2014-0949)
    
      - A cross-site scripting (XSS) vulnerability exists in the
        'FilterForm.jsp' script due to improper user input
        validation. An attacker can exploit the vulnerability to
        execute code in the security context of a user's browser
        to steal authentication cookies. (CVE-2014-0951)
    
      - An unspecified open redirect vulnerability exists that
        allows an attacker to perform a phishing attack by
        enticing a user to click on a malicious URL.
        (CVE-2014-0958)");
      # Vendor and third-party references shown in the report.
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672572");
      # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_security_vulnerabilities_in_ibm_websphere_portal_multiple_cves?lang=en_us
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4e5ca5ae");
      script_set_attribute(attribute:"see_also", value:"http://xforce.iss.net/xforce/xfdb/92624");
      script_set_attribute(attribute:"see_also", value:"http://xforce.iss.net/xforce/xfdb/92739");
      script_set_attribute(attribute:"solution", value:
    "IBM has published a cumulative fix (CF28) for WebSphere Portal
    7.0.0.2. Refer to IBM's advisory for more information.");
      # CVSS v2 base: network-reachable, medium complexity, no authentication,
      # partial confidentiality and integrity impact, no availability impact.
      # NOTE(review): the description lists a denial of service (CVE-2014-0949),
      # which this vector does not express; presumably the vector is taken from
      # another bundled CVE -- confirm, and do not read A:N as "no DoS risk".
      # Temporal: exploitability unproven (E:U), official fix available (RL:OF),
      # report confirmed (RC:C).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      # No public exploit is recorded for the bundled issues.
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # CWE list: 20 (input validation), 74 (injection) and 79 (XSS) lead the
      # list; the remaining IDs look like CWE category/view entries -- TODO confirm.
      # NOTE(review): no resource-management CWE is listed for the DoS entry.
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      # NOTE(review): patch_publication_date (2014/04/24) precedes
      # vuln_publication_date (2014/05/13); presumably the cumulative fix shipped
      # before the advisory -- confirm.
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/05/13");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/04/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/23");
    
      # Declared as a local check against the WebSphere Portal CPE.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
      script_end_attributes();
    
      # Information-gathering category, filed under the "CGI abuses" family.
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2014-2018 Tenable Network Security, Inc.");
    
      # Scheduling prerequisites: the install-detection plugin and the KB key it
      # is expected to set (presumably the plugin is skipped when the key is
      # absent -- confirm against the engine documentation).
      script_dependencies("websphere_portal_installed.nbin");
      script_require_keys("installed_sw/IBM WebSphere Portal");
    
      exit(0);
    }
    
    include("websphere_portal_version.inc");
    
    # The whole check is this one call into the helper from
    # websphere_portal_version.inc (implementation not visible here). Nothing in
    # this script sends a request to the portal itself; presumably the helper
    # compares the detected install against the range and fix level -- confirm.
    websphere_portal_check_version(
      # Single range, apparently "lowest version, highest version" -- the format
      # is defined by the include, TODO confirm.
      ranges:make_list("7.0.0.0, 7.0.0.2"),
      # Cumulative fix level named in the solution text.
      fix:"CF28",
      # Reported at the warning level rather than SECURITY_HOLE.
      severity:SECURITY_WARNING,
      # Presumably marks the finding as XSS-related for reporting -- confirm in
      # the include.
      xss:TRUE
    );
    
  • NASL family: CGI abuses
    NASL id: WEBSPHERE_PORTAL_8_0_0_1_CF12.NASL
    description: The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities : - A denial of service vulnerability exists in the Apache Commons FileUpload library that allows an attacker to cause the application to enter an infinite loop. (CVE-2014-0050) - An unspecified denial of service vulnerability exists that allows a remote attacker to crash the host by sending a specially crafted web request. (CVE-2014-0949) - A cross-site scripting (XSS) vulnerability exists in the …
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 74156
    published: 2014-05-23
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/74156
    title: IBM WebSphere Portal 8.x < 8.0.0.1 CF12 Multiple Vulnerabilities
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration branch: taken only when `description` is true. It declares the
    # plugin's identity, advisory text, scoring and scheduling requirements, then
    # exits, so the version check that follows this block is not reached here.
    if (description)
    {
      # Plugin identity and revision stamp.
      script_id(74156);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/26");
    
      # Ten CVEs and ten Bugtraq IDs are bundled under this cumulative fix.
      script_cve_id(
        "CVE-2014-0050",
        "CVE-2014-0949",
        "CVE-2014-0951",
        "CVE-2014-0952",
        "CVE-2014-0953",
        "CVE-2014-0954",
        "CVE-2014-0955",
        "CVE-2014-0956",
        "CVE-2014-0958",
        "CVE-2014-0959"
      );
      script_bugtraq_id(
        65400,
        67412,
        67413,
        67414,
        67415,
        67417,
        67418,
        67419,
        67421,
        69042
      );
      # Cross-reference to an Exploit-DB entry; which bundled CVE it relates to is
      # not stated in this script.
      script_xref(name:"EDB-ID", value:"31615");
    
      script_name(english:"IBM WebSphere Portal 8.x < 8.0.0.1 CF12 Multiple Vulnerabilities");
      script_summary(english:"Checks for installed patches.");
    
      # NOTE(review): the synopsis says "Windows host", yet the only prerequisite
      # declared below is the "installed_sw/IBM WebSphere Portal" key -- confirm
      # whether the detection dependency is Windows-only.
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has web portal software installed that is
    affected by multiple vulnerabilities.");
      # Report text: one bullet per bundled CVE, followed by a shared note on the
      # impact of the XSS entries.
      script_set_attribute(attribute:"description", value:
    "The version of IBM WebSphere Portal on the remote host is affected by
    multiple vulnerabilities :
    
      - A denial of service vulnerability exists in the Apache
        Commons FileUpload library that allows an attacker to
        cause the application to enter an infinite loop.
        (CVE-2014-0050)
    
      - An unspecified denial of service vulnerability exists
        that allows a remote attacker to crash the host by
        sending a specially crafted web request.
        (CVE-2014-0949)
    
      - A cross-site scripting (XSS) vulnerability exists in the
        'FilterForm.jsp' script due to improper user input
        validation. (CVE-2014-0951)
    
      - An XSS vulnerability exists in the 'boot_config.jsp'
        script due to improper user input validation.
        (CVE-2014-0952)
    
      - An unspecified XSS vulnerability exists due to improper
        validation of user input. (CVE-2014-0953)
    
      - A privilege escalation vulnerability exists in the Web
        Content Viewer portlet due to improper handling of JSP
        includes. A remote attacker can exploit this issue to
        obtain sensitive information, cause a denial of service,
        or control the request dispatcher by sending a specially
        crafted URL request. (CVE-2014-0954)
    
      - An XSS vulnerability exists in the Social Rendering
        feature due to improper validation of user input. Note
        that this only affects installs using IBM Connections
        with the Social Rendering feature. (CVE-2014-0955)
    
      - An unspecified XSS vulnerability exists due to improper
        validation of user input in a JSP script.
        (CVE-2014-0956)
    
      - An unspecified open redirect vulnerability exists that
        allows an attacker to perform a phishing attack by
        enticing a user to click on a malicious URL.
        (CVE-2014-0958)
    
      - An unspecified denial of service vulnerability exists
        that allows an authenticated attacker to cause a
        successful login to loop back to the login page
        indefinitely. (CVE-2014-0959)
    
    An attacker can exploit the XSS vulnerabilities to execute code in the
    security context of a user's browser in order to steal authentication
    cookies.");
      # Vendor and third-party references shown in the report.
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672572");
      # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_vulnerability_in_apache_commons_fileupload_contained_in_ibm_websphere_portal_cve_2014_0050?lang=en_us
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?12fd87aa");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21672575");
      # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_security_vulnerabilities_in_ibm_websphere_portal_multiple_cves?lang=en_us
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4e5ca5ae");
      script_set_attribute(attribute:"see_also", value:"https://www-304.ibm.com/support/docview.wss?uid=swg21680230");
      # https://www-304.ibm.com/connections/blogs/PSIRT/entry/ibm_security_bulletin_fixes_available_for_security_vulnerabilities_in_ibm_websphere_portal_multiple_cves1?lang=en_us
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ad660435");
      script_set_attribute(attribute:"see_also", value:"http://xforce.iss.net/xforce/xfdb/92622");
      script_set_attribute(attribute:"see_also", value:"http://xforce.iss.net/xforce/xfdb/92624");
      script_set_attribute(attribute:"see_also", value:"http://xforce.iss.net/xforce/xfdb/92625");
      script_set_attribute(attribute:"see_also", value:"http://web.archive.org/web/20140903072727/http://xforce.iss.net:80/xforce/xfdb/92626");
      script_set_attribute(attribute:"see_also", value:"http://xforce.iss.net/xforce/xfdb/92627");
      script_set_attribute(attribute:"see_also", value:"http://xforce.iss.net/xforce/xfdb/92628");
      script_set_attribute(attribute:"see_also", value:"http://xforce.iss.net/xforce/xfdb/92629");
      script_set_attribute(attribute:"see_also", value:"http://xforce.iss.net/xforce/xfdb/92739");
      script_set_attribute(attribute:"see_also", value:"http://xforce.iss.net/xforce/xfdb/92741");
      script_set_attribute(attribute:"solution", value:
    "IBM has published a cumulative fix for WebSphere Portal 8.0.0.1
    (CF12). Refer to IBM's advisory for more information.");
      # CVSS v2 base: network-reachable, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      # Presumably this reflects the most severe bundled issue, not each CVE
      # (CVE-2014-0949 is described above as denial of service only) -- confirm
      # per-CVE scores before prioritising.
      # Temporal: proof-of-concept exploit (E:POC), official fix available
      # (RL:OF), report confirmed (RC:C).
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
    
      # exploit_available is true for the bundle as a whole; presumably it relates
      # to the Exploit-DB reference registered above -- confirm which CVE it covers.
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
      # CWE list: 20 (input validation), 74 (injection) and 79 (XSS) lead the
      # list; the remaining IDs look like CWE category/view entries -- TODO confirm.
      # NOTE(review): no resource-management CWE is listed for the DoS entries.
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      # Disclosure, patch and plugin release dates as recorded by the plugin author.
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/02/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/05/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/05/23");
    
      # Declared as a local check against the WebSphere Portal CPE.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
      script_end_attributes();
    
      # Information-gathering category, filed under the "CGI abuses" family.
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # Scheduling prerequisites: the install-detection plugin and the KB key it
      # is expected to set (presumably the plugin is skipped when the key is
      # absent -- confirm against the engine documentation).
      script_dependencies("websphere_portal_installed.nbin");
      script_require_keys("installed_sw/IBM WebSphere Portal");
    
      exit(0);
    }
    
    include("websphere_portal_version.inc");
    
    # The whole check is this one call into the helper from
    # websphere_portal_version.inc (implementation not visible here). Nothing in
    # this script sends a request to the portal itself; presumably the helper
    # compares the detected install against the range and fix level -- confirm.
    websphere_portal_check_version(
      # Single range, apparently "lowest version, highest version" -- the format
      # is defined by the include, TODO confirm.
      # NOTE(review): the plugin title says "8.x" while this range covers
      # 8.0.0.0 through 8.0.0.1 only; confirm later 8.x releases are out of scope.
      ranges:make_list("8.0.0.0, 8.0.0.1"),
      # Cumulative fix level named in the solution text.
      fix:"CF12",
      # Reported at the highest level used among the plugins on this page.
      severity:SECURITY_HOLE,
      # Presumably marks the finding as XSS-related for reporting -- confirm in
      # the include.
      xss:TRUE
    );