Vulnerabilities > CVE-2015-1943 - Resource Management Errors vulnerability in IBM Websphere Portal
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 CF17, and 8.5.0 before CF06 allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family CGI abuses NASL id WEBSPHERE_PORTAL_6_1_0_6_CF27.NASL description The version of IBM WebSphere Portal installed on the remote host is 6.1.0.x prior 6.1.0.6 CF27. It is, therefore, affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 78739 published 2014-10-30 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78739 title IBM WebSphere Portal 6.1.0.x < 6.1.0.6 CF27 Multiple Vulnerabilities NASL family CGI abuses NASL id WEBSPHERE_PORTAL_8_5_0_0_CF06.NASL description The version of IBM WebSphere Portal installed on the remote host is 8.5.0 prior to 8.5.0 CF06. It is, therefore, affected by multiple vulnerabilities : - An buffer overflow flaw exists in the Outside In Filters subcomponent due to last seen 2020-06-01 modified 2020-06-02 plugin id 83872 published 2015-05-28 reporter This script is Copyright (C) 2015-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/83872 title IBM WebSphere Portal 8.5.0 < 8.5.0 CF06 Multiple Vulnerabilities NASL family CGI abuses NASL id WEBSPHERE_PORTAL_6_1_5_3_CF27.NASL description The version of IBM WebSphere Portal installed on the remote host is 6.1.5.x prior to 6.1.5.3 CF27. It is, therefore, affected by multiple vulnerabilities : - A cross-site scripting vulnerability exists in the last seen 2020-06-01 modified 2020-06-02 plugin id 78740 published 2014-10-30 reporter This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/78740 title IBM WebSphere Portal 6.1.5.x < 6.1.5.3 CF27 Multiple Vulnerabilities NASL family CGI abuses NASL id WEBSPHERE_PORTAL_7_0_0_2_CF29.NASL description The version of IBM WebSphere Portal installed on the remote host is 7.0.0.x prior to 7.0.0.2 CF29. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the Apache Struts ClassLoader. A remote attacker can exploit this issue by manipulating the last seen 2020-06-01 modified 2020-06-02 plugin id 79691 published 2014-12-03 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/79691 title IBM WebSphere Portal 7.0.0.x < 7.0.0.2 CF29 Multiple Vulnerabilities
References
- http://www.securitytracker.com/id/1033444
- http://www.securitytracker.com/id/1033444
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI39617
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI39617
- http://www-01.ibm.com/support/docview.wss?uid=swg21962567
- http://www-01.ibm.com/support/docview.wss?uid=swg21962567