Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.0757 Security Bulletin: Fixes available for Security Vulnerabilities in IBM WebSphere Portal (Multiple CVEs) 20 May 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: IBM WebSphere Portal Publisher: IBM Operating System: AIX HP-UX IBM i Linux variants Solaris Windows i5/OS z/OS Impact/Access: Denial of Service -- Remote/Unauthenticated Cross-site Scripting -- Remote with User Interaction Access Confidential Data -- Remote/Unauthenticated Provide Misleading Information -- Remote with User Interaction Resolution: Patch/Upgrade CVE Names: CVE-2014-0959 CVE-2014-0958 CVE-2014-0956 CVE-2014-0955 CVE-2014-0954 CVE-2014-0952 CVE-2014-0951 CVE-2014-0949 Original Bulletin: http://www-01.ibm.com/support/docview.wss?uid=swg21672572 - --------------------------BEGIN INCLUDED TEXT-------------------- Security Bulletin: Fixes available for Security Vulnerabilities in IBM WebSphere Portal (Multiple CVEs) Security Bulletin Document information More support for: WebSphere Portal Software version: 6.1, 7.0, 8.0 Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, i5/OS, z/OS Reference #: 1672572 Modified date: 2014-05-13 Summary Fixes are available for security vulnerabilities in IBM WebSphere Portal. Vulnerability Details Fixes are available for the following security vulnerabilities in IBM WebSphere Portal: CVEID: CVE-2014-0951 DESCRIPTION: IBM WebSphere Portal is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the FilterForm.jsp script. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. CVSS: CVSS Base Score: 4.3 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/92624 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) AFFECTED PRODUCTS AND VERSIONS: WebSphere Portal 8 WebSphere Portal 7 REMEDIATION: The recommended solution is to apply PI15690 as soon as practical. Fix: Apply a Cumulative Fix containing PI15690. For 8.0.0 through 8.0.0.1 Upgrade to Fix Pack 8.0.0.1 with Cumulative Fix 12 (CF12) (Combined Cumulative Fixes for WebSphere Portal 8.0.0.1: http://www-01.ibm.com/support/docview.wss?uid=swg24034497) For 7.0.0 through 7.0.0.2 Upgrade to Fix Pack 7.0.0.2 with Cumulative Fix 28 (CF28) (Combined Cumulative fixes for WebSphere Portal 7.0.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029452) Workaround: None. Mitigation: None. CVEID: CVE-2014-0949 DESCRIPTION: IBM Websphere Portal contains a vulnerability that would allow a remote attacker to consume all available resources and crash the system through a malicous web request. CVSS: CVSS Base Score: 4.3 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/92622 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P) AFFECTED PRODUCTS AND VERSIONS: WebSphere Portal 8 WebSphere Portal 7 WebSphere Portal 6.1.x REMEDIATION: The recommended solution is to apply PI15692 as soon as practical. Fix: Apply Interim Fix PI15692 or a Cumulative Fix containing PI15692. For 8.0.0 through 8.0.0.1 Upgrade to Fix Pack 8.0.0.1 with Cumulative Fix 12 (CF12) (Combined Cumulative Fixes for WebSphere Portal 8.0.0.1: http://www-01.ibm.com/support/docview.wss?uid=swg24034497) For 7.0.0 through 7.0.0.2 Upgrade to Fix Pack 7.0.0.2 with Cumulative Fix 28 (CF28) and then apply Interim Fix PI15692 (Combined Cumulative fixes for WebSphere Portal 7.0.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029452) For 6.1.5.0 through 6.1.5.3 Upgrade to Fix Pack 6.1.5.3 with Cumulative Fix 27 (CF27) and then apply Interim Fix PI15692 (Cumulative fixes for WebSphere Portal 6.1.5.3: http://www-01.ibm.com/support/docview.wss?uid=swg24023835) For 6.1.0.0 through 6.1.0.6 Upgrade to Fix Pack 6.1.0.6 with Cumulative Fix 27 (CF27) and then apply Interim Fix PI15692 (Cumulative fixes for WebSphere Portal 6.1.0.6: http://www-01.ibm.com/support/docview.wss?uid=swg24023835) Workaround: None. Mitigation: None. CVEID: CVE-2014-0954 DESCRIPTION: IBM WebSphere Portal contains a vulnerability that would allow a remote attacker to send a specially-crafted URL request which could allow the attacker to obtain sensitive information, consume all available memory resources or control the request dispatcher on the vulnerable Web server due to unvalidated JSP includes. CVSS: CVSS Base Score: 6.8 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/92627 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P) AFFECTED PRODUCTS AND VERSIONS: WebSphere Portal 8 WebSphere Portal 7 WebSphere Portal 6.1.x REMEDIATION: The recommended solution is to apply PI15723 as soon as practical. Fix: Apply Interim Fix PI15723 or a Cumulative Fix containing PI15723. For 8.0.0 through 8.0.0.1 Upgrade to Fix Pack 8.0.0.1 with Cumulative Fix 12 (CF12) (Combined Cumulative Fixes for WebSphere Portal 8.0.0.1: http://www-01.ibm.com/support/docview.wss?uid=swg24034497) For 7.0.0 through 7.0.0.2 Upgrade to Fix Pack 7.0.0.2 with Cumulative Fix 28 (CF28) and then apply Interim Fix PI15723 (Combined Cumulative fixes for WebSphere Portal 7.0.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029452) For 6.1.5.0 through 6.1.5.3 Upgrade to Fix Pack 6.1.5.3 with Cumulative Fix 27 (CF27) and then apply Interim Fix PI15723 (Cumulative fixes for WebSphere Portal 6.1.5.3: http://www-01.ibm.com/support/docview.wss?uid=swg24023835) For 6.1.0.0 through 6.1.0.6 Upgrade to Fix Pack 6.1.0.6 with Cumulative Fix 27 (CF27) and then apply Interim Fix PI15723 (Cumulative fixes for WebSphere Portal 6.1.0.6: http://www-01.ibm.com/support/docview.wss?uid=swg24023835) Workaround/Mitigation: If the Web Content Viewer (JSR 286) portlet is not used: Stop or uninstall the Web Content Viewer (JSR 286) portlet. CVEID: CVE-2014-0955 DESCRIPTION: IBM WebSphere Portal, if using IBM Connections integration using the Social Rendering feature, is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. CVSS: CVSS Base Score: 3.5 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/92628 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N) AFFECTED PRODUCTS AND VERSIONS: WebSphere Portal 8 (Fix Pack level 8.0.0.1) REMEDIATION: The recommended solution is to apply PI15583 as soon as practical. Fix: Apply a Cumulative Fix containing PI15583. For 8.0.0.1 Upgrade to Fix Pack 8.0.0.1 with Cumulative Fix 12 (CF12) (Combined Cumulative Fixes for WebSphere Portal 8.0.0.1: http://www-01.ibm.com/support/docview.wss?uid=swg24034497) Workaround: None. Mitigation: None. CVEID: CVE-2014-0959 DESCRIPTION: IBM WebSphere Portal is vulnerable to a denial of service, caused by redirecting a successful login back to itself resulting in an infinite loop. An authenticated remote attacker could exploit this vulnerability to cause a denial of service. CVSS: CVSS Base Score: 4.0 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/92741 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:L/Au:S/C:N/I:N/A:P) AFFECTED PRODUCTS AND VERSIONS: WebSphere Portal 8 WebSphere Portal 7 WebSphere Portal 6.1.x REMEDIATION: The recommended solution is to apply PI16462 as soon as practical. Fix: Apply Interim Fix PI16462 or a Cumulative Fix containing PI16462. For 8.0.0 through 8.0.0.1 Upgrade to Fix Pack 8.0.0.1 with Cumulative Fix 12 (CF12) (Combined Cumulative Fixes for WebSphere Portal 8.0.0.1: http://www-01.ibm.com/support/docview.wss?uid=swg24034497) For 7.0.0 through 7.0.0.2 Upgrade to Fix Pack 7.0.0.2 with Cumulative Fix 28 (CF28) and then apply Interim Fix PI16462 (Combined Cumulative fixes for WebSphere Portal 7.0.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029452) For 6.1.5.0 through 6.1.5.3 Upgrade to Fix Pack 6.1.5.3 with Cumulative Fix 27 (CF27) and then apply Interim Fix PI16462 (Cumulative fixes for WebSphere Portal 6.1.5.3: http://www-01.ibm.com/support/docview.wss?uid=swg24023835) For 6.1.0.0 through 6.1.0.6 Upgrade to Fix Pack 6.1.0.6 with Cumulative Fix 27 (CF27) and then apply Interim Fix PI16462 (Cumulative fixes for WebSphere Portal 6.1.0.6: http://www-01.ibm.com/support/docview.wss?uid=swg24023835) Workaround: None. Mitigation: None. CVEID: CVE-2014-0956 DESCRIPTION: IBM WebSphere Portal is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by a .jsp script. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. CVSS: CVSS Base Score: 4.3 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/92629 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) AFFECTED PRODUCTS AND VERSIONS: WebSphere Portal 8 WebSphere Portal 7 WebSphere Portal 6.1.x REMEDIATION: The recommended solution is to apply PI16040 as soon as practical. Fix: Apply Interim Fix PI16040 or a Cumulative Fix containing PI16040. For 8.0.0 through 8.0.0.1 Upgrade to Fix Pack 8.0.0.1 with Cumulative Fix 12 (CF12) (Combined Cumulative Fixes for WebSphere Portal 8.0.0.1: http://www-01.ibm.com/support/docview.wss?uid=swg24034497) For 7.0.0 through 7.0.0.2 Upgrade to Fix Pack 7.0.0.2 with Cumulative Fix 27 (CF28) and then apply Interim Fix PI16040 (Combined Cumulative fixes for WebSphere Portal 7.0.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029452) For 6.1.5.0 through 6.1.5.3 Upgrade to Fix Pack 6.1.5.3 with Cumulative Fix 27 (CF27) and then apply Interim Fix PI16040 (Cumulative fixes for WebSphere Portal 6.1.5.3: http://www-01.ibm.com/support/docview.wss?uid=swg24023835) For 6.1.0.0 through 6.1.0.6 Upgrade to Fix Pack 6.1.0.6 with Cumulative Fix 27 (CF27) and then apply Interim Fix PI16040 (Cumulative fixes for WebSphere Portal 6.1.0.6: http://www-01.ibm.com/support/docview.wss?uid=swg24023835) Workaround: None. Mitigation: None. CVEID: CVE-2014-0952 DESCRIPTION: IBM WebSphere Portal is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the boot_config.jsp script. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. CVSS: CVSS Base Score: 4.3 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/92625 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) AFFECTED PRODUCTS AND VERSIONS: WebSphere Portal 8 WebSphere Portal 7 WebSphere Portal 6.1.x REMEDIATION: The recommended solution is to apply PI16041 as soon as practical. Fix: Apply Interim Fix PI16041 or a Cumulative Fix containing PI16041. For 8.0.0 through 8.0.0.1 Upgrade to Fix Pack 8.0.0.1 with Cumulative Fix 12 (CF12) (Combined Cumulative Fixes for WebSphere Portal 8.0.0.1: http://www-01.ibm.com/support/docview.wss?uid=swg24034497) For 7.0.0 through 7.0.0.2 Upgrade to Fix Pack 7.0.0.2 with Cumulative Fix 28 (CF28) and then apply Interim Fix PI16041 (Combined Cumulative fixes for WebSphere Portal 7.0.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029452) For 6.1.5.0 through 6.1.5.3 Upgrade to Fix Pack 6.1.5.3 with Cumulative Fix 28 (CF28) and then apply Interim Fix PI16041 (Cumulative fixes for WebSphere Portal 6.1.5.3: http://www-01.ibm.com/support/docview.wss?uid=swg24023835) For 6.1.0.0 through 6.1.0.6 Upgrade to Fix Pack 6.1.0.6 with Cumulative Fix 27 (CF27) and then apply Interim Fix PI16041 (Cumulative fixes for WebSphere Portal 6.1.0.6: http://www-01.ibm.com/support/docview.wss?uid=swg24023835) Workaround: None. Mitigation: None. CVEID: CVE-2014-0958 DESCRIPTION: IBM WebSphere Portal could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites. CVSS: CVSS Base Score: 4.3 CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/92739 for the current score CVSS Environmental Score*: Undefined CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) AFFECTED PRODUCTS AND VERSIONS: WebSphere Portal 8 WebSphere Portal 7 WebSphere Portal 6.1.x REMEDIATION: The recommended solution is to apply PI15689 as soon as practical. Fix: Apply Interim Fix PI15689 or a Cumulative Fix containing PI15689. For 8.0.0 through 8.0.0.1 Upgrade to Fix Pack 8.0.0.1 with Cumulative Fix 12 (CF12) (Combined Cumulative Fixes for WebSphere Portal 8.0.0.1: http://www-01.ibm.com/support/docview.wss?uid=swg24034497) For 7.0.0 through 7.0.0.2 Upgrade to Fix Pack 7.0.0.2 with Cumulative Fix 28 (CF28) (Combined Cumulative fixes for WebSphere Portal 7.0.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029452) For 6.1.5.0 through 6.1.5.3 Upgrade to Fix Pack 6.1.5.3 with Cumulative Fix 27 (CF27) and then apply Interim Fix PI15689 (Cumulative fixes for WebSphere Portal 6.1.5.3: http://www-01.ibm.com/support/docview.wss?uid=swg24023835) For 6.1.0.0 through 6.1.0.6 Upgrade to Fix Pack 6.1.0.6 with Cumulative Fix 27 (CF27) and then apply Interim Fix PI15689 (Cumulative fixes for WebSphere Portal 6.1.0.6: http://www-01.ibm.com/support/docview.wss?uid=swg24023835) Workaround: None. Mitigation: None. Important note IBM strongly suggests that all System z customers be subscribed to the System z Security Portal to receive the latest critical System z security and integrity service. If you are not subscribed, see the instructions on the System z Security web site. Security and integrity APARs and associated fixes will be posted to this portal. IBM suggests reviewing the CVSS scores and applying all security or integrity fixes as soon as possible to minimize any potential risk. References Complete CVSS Guide On-line Calculator V2 Related information IBM Secure Engineering Web Portal IBM Product Security Incident Response Blog Change History 13th May 2014: Original Copy Published *The CVSS Environment Score is customer environment specific and will ultimately impact the Overall CVSS Score. Customers can evaluate the impact of this vulnerability in their environments by accessing the links in the Reference section of this Security Bulletin. Disclaimer According to the Forum of Incident Response and Security Teams (FIRST), the Common Vulnerability Scoring System (CVSS) is an "industry open standard designed to convey vulnerability severity and help to determine urgency and priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBU3qcRhLndAQH1ShLAQK56A/+JtXuKxYMXqi+WMfTvgsQccc7VC2Mmr5P d0SG6NFoUTTQ6wjqmtgi+Y3MZOxCVJeJOXQV2vX7nefoOwLvLybo3/EuGlKi3x+I 5NqkhCy2LDmFUWancljinSrE7ObYr+kf4hTInSxbn2rTgBIzk4VqaMdAJ9ffKvma fcsFv//d6sfiFSvD1La7Q99rT9f7bU+iSUyJHkTbi32dvn8Mh+fQhOB2STSpbMWg O0hwvweqqLb2tTg5jzXSH64WfLat3R25Q+fbMQwONwqDZMm+nkU3TvloCU5pmFEe NTTdWsVRhgZLXD++j63C3947Rngj7AmHFB2XTnUIZ7SO1QBu3PHePvtzsw1+n1bC H/2SuGcPFpcLIhzBQfSSVd16/RUrtJ9GJ55yAk94oz5U/uXqR98KyapACsIBCJ39 ouRJh81HhsXqndpFFqjqOh8xRU2ETQfs3DmcXhpbqvUnEHbEUIM74K3VcyUgx/T1 d6jIWh59VurhxWIgijK6gzyxNU7jZ9zKkFrov+bALrAP02/ZTfoKmjnPRMVRXAfM MwA4dlg+rvDNQ0xduuM1IwITT3C5taC10QXY5s5MZqsTzci4ohRCRLB8zTj04V7S +aUQHPjXyadt+ObeoN3SFcfTxqOVlYzzToyGHD0UmwkYwyuPa9tmDckr4RvLUaU0 fTLco3me28Q= =4EPs -----END PGP SIGNATURE-----