Vulnerabilities > CVE-2015-1921 - Open Redirection vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0

047910
CVSS 6.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
ibm
nessus

Summary

Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF17 and 8.5.0 before CF06 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a>

Vulnerable Configurations

Part Description Count
Application
Ibm
3

Nessus

  • NASL familyCGI abuses
    NASL idWEBSPHERE_PORTAL_8_5_0_0_CF06.NASL
    descriptionThe version of IBM WebSphere Portal installed on the remote host is 8.5.0 prior to 8.5.0 CF06. It is, therefore, affected by multiple vulnerabilities : - An buffer overflow flaw exists in the Outside In Filters subcomponent due to
    last seen2020-06-01
    modified2020-06-02
    plugin id83872
    published2015-05-28
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/83872
    titleIBM WebSphere Portal 8.5.0 < 8.5.0 CF06 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83872);
      script_version("1.12");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2015-0493",
        "CVE-2015-1886",
        "CVE-2015-1899",
        "CVE-2015-1908",
        "CVE-2015-1917",
        "CVE-2015-1921",
        "CVE-2015-1943",
        "CVE-2015-1944"
      );
      script_bugtraq_id(
        74134,
        74173,
        74216,
        74218,
        74705
      );
      script_xref(name:"EDB-ID", value:"36788");
    
      script_name(english:"IBM WebSphere Portal 8.5.0 < 8.5.0 CF06 Multiple Vulnerabilities");
      script_summary(english:"Checks for the installed patch.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has web portal software installed that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of IBM WebSphere Portal installed on the remote host is
    8.5.0 prior to 8.5.0 CF06. It is, therefore, affected by multiple
    vulnerabilities :
    
      - An buffer overflow flaw exists in the Outside In Filters
        subcomponent due to 'ibpsd2.dll' not properly validating
        user-supplied input in PSD files. An attacker can
        exploit this to cause a denial of service or possibly
        execute arbitrary code. (CVE-2015-0493)
    
      - An unspecified flaw exists in the Remote Document
        Conversion Service (DCS) that allows a remote attacker
        to cause a denial of service. (CVE-2015-1886)
    
      - A flaw exists when handling a specially crafted request
        that allows a remote attacker to use too many available
        resources, resulting in a denial of service.
        (CVE-2015-1899)
    
      - A flaw exists that allows a reflected cross-site
        scripting attack due to a failure to validate input
        before returning it back to the user. A remote attacker,
        using a crafted URL, can exploit this to execute code
        or HTML within the user's browser. (CVE-2015-1908,
        CVE-2015-1944)
    
      - A cross-site scripting vulnerability exists in the
        Active Content Filtering component due to improperly
        validating user-supplied input. A remote attacker can
        exploit this by creating a specially crafted URL
        designed to execute script code in the victim's web
        browser. (CVE-2015-1917)
    
      - A flaw exists that allows a cross-site redirection
        attack due to a failure to validate certain unspecified
        input before returning it to the user. An attacker,
        using specially crafted URL, can exploit this to
        redirect victims to a website of the attacker's own
        choosing. (CVE-2015-1921)
    
      - An unspecified flaw exists that is trigged when handling
        Portal requests. A remote attacker can exploit this to
        cause a consumption of CPU resources, resulting in a
        denial of service condition. (CVE-2015-1943)");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24037786");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to IBM WebSphere Portal 8.5.0 Cumulative Fix 06 (CF06) or
    later. Refer to the IBM advisory for more information.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-1921");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/05/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/28");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("websphere_portal_installed.nbin");
      script_require_keys("installed_sw/IBM WebSphere Portal");
    
      exit(0);
    }
    
    include("websphere_portal_version.inc");
    
    websphere_portal_check_version(
      ranges:make_list("8.5.0.0, 8.5.0.0"),
      fix:"CF06",
      severity:SECURITY_WARNING,
      xss:TRUE
    );
    
  • NASL familyCGI abuses
    NASL idWEBSPHERE_PORTAL_CVE-2015-1921.NASL
    descriptionThe version of IBM WebSphere Portal installed on the Windows remote host is affected by an unspecified open redirect vulnerability due to improper validation of user-supplied input. A remote attacker, using a specially crafted URL, can exploit this flaw to redirect a victim to an arbitrary website.
    last seen2020-06-01
    modified2020-06-02
    plugin id83873
    published2015-05-28
    reporterThis script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/83873
    titleIBM WebSphere Portal Unspecified Open Redirect (PI38632)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(83873);
      script_version("1.4");
      script_cvs_date("Date: 2018/08/06 14:03:14");
    
      script_cve_id("CVE-2015-1921");
      script_bugtraq_id(74705);
    
      script_name(english:"IBM WebSphere Portal Unspecified Open Redirect (PI38632)");
      script_summary(english:"Checks for installed patches.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has web portal software installed that is
    affected by an open redirect vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of IBM WebSphere Portal installed on the Windows remote
    host is affected by an unspecified open redirect vulnerability due to
    improper validation of user-supplied input. A remote attacker, using a
    specially crafted URL, can exploit this flaw to redirect a victim to
    an arbitrary website.");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg21884060");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to IBM WebSphere Portal 8.5.0 CF06 / 8.0.0.1 CF16 with interim
    fix PI38632.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/05/15");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/05/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/05/28");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.");
    
      script_dependencies("websphere_portal_installed.nbin");
      script_require_keys("installed_sw/IBM WebSphere Portal");
    
      exit(0);
    }
    
    include("websphere_portal_version.inc");
    
    websphere_portal_check_version(
      ranges:make_list(
        "8.0.0.0, 8.0.0.1, CF16"
      ),
      fix:"PI38632",
      severity:SECURITY_WARNING
    );
    
  • NASL familyCGI abuses
    NASL idWEBSPHERE_PORTAL_8_0_0_1_CF17.NASL
    descriptionThe version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF17. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists in the Outside In Filters subcomponent. An attacker, using a specially crafted DOCX file, can exploit this to corrupt memory, resulting in a denial of service or the execution of arbitrary code. (CVE-2015-0474) - An buffer overflow flaw exists in the Outside In Filters subcomponent due to
    last seen2020-06-01
    modified2020-06-02
    plugin id84571
    published2015-07-07
    reporterThis script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/84571
    titleIBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF17 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(84571);
      script_version("1.8");
      script_cvs_date("Date: 2019/11/22");
    
      script_cve_id(
        "CVE-2015-0474",
        "CVE-2015-0493",
        "CVE-2015-1887",
        "CVE-2015-1917",
        "CVE-2015-1921",
        "CVE-2015-1944"
      );
      script_bugtraq_id(74134, 74139, 74705);
      script_xref(name:"EDB-ID", value:"36788");
    
      script_name(english:"IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF17 Multiple Vulnerabilities");
      script_summary(english:"Checks for the installed patch.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Windows host has web portal software installed that is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of IBM WebSphere Portal installed on the remote host is
    8.0.0.x prior to 8.0.0.1 CF17. It is, therefore, affected by multiple
    vulnerabilities :
    
      - An unspecified flaw exists in the Outside In Filters
        subcomponent. An attacker, using a specially crafted
        DOCX file, can exploit this to corrupt memory, resulting
        in a denial of service or the execution of arbitrary
        code. (CVE-2015-0474)
    
      - An buffer overflow flaw exists in the Outside In Filters
        subcomponent due to 'ibpsd2.dll' not properly validating
        user-supplied input in PSD files. An attacker can
        exploit this to cause a denial of service or possibly
        execute arbitrary code. (CVE-2015-0493)
    
      - A flaw exists in the access control enforcement of the
        JCR component that allows a remote, unauthenticated
        attacker, using a specially crafted request, to gain
        access to potentially sensitive information.
        (CVE-2015-1887)
    
      - A cross-site scripting vulnerability exists in the
        Active Content Filtering component due to improperly
        validating user-supplied input. A remote attacker can
        exploit this by creating a specially crafted URL
        designed to execute script code in the victim's web
        browser. (CVE-2015-1917)
    
      - A flaw exists that allows a cross-site redirection
        attack due to a failure to validate certain unspecified
        input before returning it to the user. An attacker,
        using specially crafted URL, can exploit this to
        redirect victims to a website of the attacker's own
        choosing. (CVE-2015-1921)
        
      - A flaw exists that allows a reflected cross-site
        scripting attack due to a failure to validate input
        before returning it back to the user. A remote attacker,
        using a crafted URL, can exploit this to execute code
        or HTML within the user's browser. (CVE-2015-1944)");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24034497#CF17");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to IBM WebSphere Portal 8.0.0.1 Cumulative Fix 17 (CF17) or
    later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/04/14");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/06/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2015/07/07");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("websphere_portal_installed.nbin");
      script_require_keys("installed_sw/IBM WebSphere Portal");
    
      exit(0);
    }
    
    include("websphere_portal_version.inc");
    
    websphere_portal_check_version(
      ranges:make_list("8.0.0.0, 8.0.0.1"),
      fix:"CF17",
      severity:SECURITY_WARNING,
      xss:TRUE
    );