Vulnerabilities > CVE-2016-0245 - Unspecified vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0

047910
CVSS 5.4 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
LOW
network
low complexity
ibm
nessus

Summary

The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF10 allows remote authenticated users to read arbitrary files or cause a denial of service via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Configurations

Part Description Count
Application
Ibm
3

Nessus

  • NASL familyCGI abuses
    NASL idWEBSPHERE_PORTAL_SWG21976358.NASL
    descriptionThe IBM WebSphere Portal installed on the remote host is version 6.1.0.x prior to 6.1.0.6 CF27 with patches, 6.1.5.x prior to 6.1.5.3 CF27 with patches, 7.0.0.x prior to 7.0.0.2 CF29 with patches, 8.0.0.x prior to 8.0.0.1 CF20, or 8.5.0.0 prior to 8.5.0.0 CF09 with patches. It is, therefore, affected by multiple vulnerabilities : - An open redirect vulnerability exists due to improper validation of input before returning it to the user. An attacker can exploit this, via a specially crafted link, to redirect a victim to an arbitrary website. (CVE-2015-7428) - A security bypass vulnerability exists due to insecure permissions. A remote attacker can exploit this to make changes to content items. (CVE-2015-7455) - Multiple unspecified cross-site scripting vulnerabilities exist due to improper validation of user-supplied input. A remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id89689
    published2016-03-04
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/89689
    titleIBM WebSphere Portal Multiple Vulnerabilities (swg21976358)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(89689);
      script_version("1.7");
      script_cvs_date("Date: 2019/11/20");
    
      script_cve_id(
        "CVE-2015-7428",
        "CVE-2015-7455",
        "CVE-2015-7457",
        "CVE-2015-7491",
        "CVE-2016-0243",
        "CVE-2016-0244",
        "CVE-2016-0245"
      );
    
      script_name(english:"IBM WebSphere Portal Multiple Vulnerabilities (swg21976358)");
      script_summary(english:"Checks for the install patches.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The web portal software installed on the remote Windows host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The IBM WebSphere Portal installed on the remote host is version
    6.1.0.x prior to 6.1.0.6 CF27 with patches, 6.1.5.x prior to 6.1.5.3
    CF27 with patches, 7.0.0.x prior to 7.0.0.2 CF29 with patches, 8.0.0.x
    prior to 8.0.0.1 CF20, or 8.5.0.0 prior to 8.5.0.0 CF09 with patches.
    It is, therefore, affected by multiple vulnerabilities :
    
      - An open redirect vulnerability exists due to improper
        validation of input before returning it to the user. An
        attacker can exploit this, via a specially crafted link,
        to redirect a victim to an arbitrary website.
        (CVE-2015-7428)
    
      - A security bypass vulnerability exists due to insecure
        permissions. A remote attacker can exploit this to make
        changes to content items. (CVE-2015-7455)
    
      - Multiple unspecified cross-site scripting
        vulnerabilities exist due to improper validation of
        user-supplied input. A remote attacker can exploit this,
        via a specially crafted request, to execute arbitrary
        script code in a user's browser session. (CVE-2015-7457,
        CVE-2015-7491, CVE-2016-0243, CVE-2016-0244)
    
      - An XML External Entity (XXE) injection vulnerability
        exists due to an incorrectly configured XML parser
        accepting XML external entities from an untrusted
        source. A remote attacker can exploit this, via
        specially crafted XML data, to cause a denial of service
        condition or to disclose sensitive information.
        (CVE-2016-0245)");
      script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21976358");
      script_set_attribute(attribute:"solution", value:
    "Apply the appropriate fixes per the vendor advisory.
    
      - For 6.1.0.x, upgrade to version 6.1.0.6 CF27 and apply
        interim fixes PI54088 and PI55327.
    
      - For 6.1.5.x, upgrade to version 6.1.5.3 CF27 and apply
        interim fixes PI54088 and PI55327.
    
      - For 7.0.0.x, upgrade to version 7.0.0.2 CF29 and apply
        interim fixes PI51234, PI55327, and PI54088.
    
      - For 8.0.0.x, upgrade to version 8.0.0.1 CF20.
    
      - For 8.5.0.x, upgrade to version 8.5.0 CF09 and apply
        interim fix PI56682.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7428");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/02/29");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/04");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("websphere_portal_installed.nbin");
      script_require_keys("installed_sw/IBM WebSphere Portal");
    
      exit(0);
    }
    
    include("websphere_portal_version.inc");
    
    websphere_portal_check_version(
      checks:make_array(
        "8.5.0.0, 8.5.0.0, CF00-CF09", make_list('PI56682'),
        "8.0.0.0, 8.0.0.1", make_list("CF20"),
        "7.0.0.0, 7.0.0.2, CF00-CF29", make_list('PI51234', 'PI54088', 'PI55327'),
        "6.1.5.0, 6.1.5.3, CF00-CF27", make_list('PI54088', 'PI55327'),
        "6.1.0.0, 6.1.0.6, CF00-CF27", make_list('PI54088', 'PI55327')
     ),
      severity:SECURITY_WARNING,
      xss: TRUE
    );
    
  • NASL familyCGI abuses
    NASL idWEBSPHERE_PORTAL_8_0_0_1_CF20.NASL
    descriptionThe version of IBM WebSphere Portal installed on the remote host is 8.0.0.x prior to 8.0.0.1 CF20. It is, therefore, affected by multiple vulnerabilities : - An open redirect vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted link, to redirect a user from the intended legitimate web site to an arbitrary web site of the attacker
    last seen2020-06-01
    modified2020-06-02
    plugin id93076
    published2016-08-23
    reporterThis script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/93076
    titleIBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF20 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93076);
      script_version("1.5");
      script_cvs_date("Date: 2019/11/14");
    
      script_cve_id("CVE-2015-7428", "CVE-2016-0245");
      script_bugtraq_id(83479, 83485);
    
      script_name(english:"IBM WebSphere Portal 8.0.0.x < 8.0.0.1 CF20 Multiple Vulnerabilities");
      script_summary(english:"Checks for the installed patch.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The web portal software installed on the remote Windows host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of IBM WebSphere Portal installed on the remote host is
    8.0.0.x prior to 8.0.0.1 CF20. It is, therefore, affected by multiple
    vulnerabilities :
    
      - An open redirect vulnerability exists due to improper
        validation of user-supplied input. An unauthenticated,
        remote attacker can exploit this, via a specially
        crafted link, to redirect a user from the intended
        legitimate web site to an arbitrary web site of the
        attacker's choosing. (CVE-2015-7428)
     
      - An XML external entity (XXE) injection vulnerability
        exists due to an incorrectly configured XML parser
        accepting XML external entities from an untrusted
        source. An authenticated, remote attacker can exploit
        this, via specially crafted XML data, to cause a denial
        of service or disclose sensitive information.
        (CVE-2016-0245)");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24034497#CF20");
      script_set_attribute(attribute:"see_also", value:"https://www-01.ibm.com/support/docview.wss?uid=swg21976358");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to IBM WebSphere Portal version 8.0.0.1 CF20 or later.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7428");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2016/02/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2016/02/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/23");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:ibm:websphere_portal");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("websphere_portal_installed.nbin");
      script_require_keys("installed_sw/IBM WebSphere Portal");
    
      exit(0);
    }
    
    include("websphere_portal_version.inc");
    
    websphere_portal_check_version(
      ranges:make_list("8.0.0.0, 8.0.0.1"),
      fix:"CF20",
      severity:SECURITY_WARNING,
      xss:TRUE
    );
    
    
  • NASL familyCGI abuses
    NASL idWEBSPHERE_PORTAL_8_5_0_0_CF10.NASL
    descriptionThe version of IBM WebSphere Portal installed on the remote Windows host is 8.5.0.0 prior to 8.5.0.0 CF10. It is, therefore, affected by multiple vulnerabilities : - An unspecified flaw exists that is triggered when handling a specially crafted request. An unauthenticated, remote attacker can exploit this to inject arbitrary LDAP content and view, add, modify or delete information in the user repository. (CVE-2015-7472) - An XXE (XML external entity) injection vulnerability exists due to an incorrectly configured XML parser accepting XML external entities from an untrusted source. An unauthenticated, remote attacker can exploit this, via specially crafted XML data, to cause a denial of service condition or disclose sensitive information. (CVE-2016-0245) - A cross-site scripting (XSS) vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to execute arbitrary script code in a user
    last seen2020-06-01
    modified2020-06-02
    plugin id93027
    published2016-08-18
    reporterThis script is Copyright (C) 2016-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/93027
    titleIBM WebSphere Portal 8.5.0.0 < 8.5.0.0 CF10 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(93027);
      script_version("1.6");
      script_cvs_date("Date: 2018/08/06 14:03:14");
    
      script_cve_id(
        "CVE-2015-7472",
        "CVE-2016-0245",
        "CVE-2016-2925"
      );
      script_bugtraq_id(
        82548,
        83485,
        92180
      );
    
      script_name(english:"IBM WebSphere Portal 8.5.0.0 < 8.5.0.0 CF10 Multiple Vulnerabilities");
      script_summary(english:"Checks for the installed patch.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The web portal software installed on the remote Windows host is
    affected by multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "The version of IBM WebSphere Portal installed on the remote Windows
    host is 8.5.0.0 prior to 8.5.0.0 CF10. It is, therefore, affected by
    multiple vulnerabilities :
    
      - An unspecified flaw exists that is triggered when
        handling a specially crafted request. An
        unauthenticated, remote attacker can exploit this to
        inject arbitrary LDAP content and view, add, modify or
        delete information in the user repository.
        (CVE-2015-7472)
    
      - An XXE (XML external entity) injection vulnerability
        exists due to an incorrectly configured XML parser
        accepting XML external entities from an untrusted
        source. An unauthenticated, remote attacker can exploit
        this, via specially crafted XML data, to cause a denial
        of service condition or disclose sensitive information.
        (CVE-2016-0245)
    
      - A cross-site scripting (XSS) vulnerability exists due to
        improper validation of user-supplied input. An
        unauthenticated, remote attacker can exploit this, via a
        specially crafted request, to execute arbitrary script
        code in a user's browser session. (CVE-2016-2925)");
      script_set_attribute(attribute:"see_also", value:"http://www-01.ibm.com/support/docview.wss?uid=swg24037786#CF10");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to IBM WebSphere Portal version 8.5.0.0 CF10.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date",value:"2016/02/02");
      script_set_attribute(attribute:"patch_publication_date",value:"2016/02/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/08/18");
    
      script_set_attribute(attribute:"plugin_type",value:"local");
      script_set_attribute(attribute:"cpe",value:"cpe:/a:ibm:websphere_portal");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2016-2018 Tenable Network Security, Inc.");
    
      script_dependencies("websphere_portal_installed.nbin");
      script_require_keys("installed_sw/IBM WebSphere Portal");
    
      exit(0);
    }
    
    include("websphere_portal_version.inc");
    
    websphere_portal_check_version(
      ranges:make_list("8.5.0.0, 8.5.0.0"),
      fix:"CF10",
      severity:SECURITY_WARNING,
      xss:TRUE
    );