| Title | IBM WebSphere Portal における重要な情報を取得される脆弱性 |
|---|---|
| Summary | IBM WebSphere Portal は、JSP を含んでいることを検証をしないため、重要な情報を取得される、リクエストディスパッチャ (request-dispatcher) のアクセス制限を回避される、またはサービス運用妨害 (メモリ消費) 状態にされる脆弱性が存在します。 |
| Possible impacts | 第三者により、巧妙に細工された URL を介して、重要な情報を取得される、リクエストディスパッチャ (request-dispatcher) のアクセス制限を回避される、またはサービス運用妨害 (メモリ消費) 状態にされる可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | May 13, 2014, midnight |
| Registration Date | May 26, 2014, 12:13 p.m. |
| Last Update | July 2, 2014, 11:10 a.m. |
| CVSS2.0 : 警告 | |
| Score | 6.8 |
|---|---|
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| IBM |
| IBM WebSphere Portal 6.1.5 から 6.1.5.3 CF27 |
| IBM WebSphere Portal 7.0 から 7.0.0.2 CF28 |
| IBM WebSphere Portal 8.0 以上 8.0.0.1 CF12 未満 |
| No | Changed Details | Date of change |
|---|---|---|
| 0 | [2014年05月26日] 掲載 [2014年07月02日] CVSS による深刻度:内容を更新 |
Feb. 17, 2018, 10:37 a.m. |
| Summary | IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL. |
|---|---|
| Publication Date | May 22, 2014, 8:14 p.m. |
| Registration Date | Jan. 26, 2021, 3:05 p.m. |
| Last Update | Nov. 21, 2024, 11:03 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf27:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf27:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:* | |||||