-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1546
            Fixes available for Security Vulnerabilities in IBM
              WebSphere Portal (CVE-2014-4762; CVE-2014-4792)
                             10 September 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           IBM WebSphere Portal
Publisher:         IBM
Operating System:  AIX
                   HP-UX
                   Linux variants
                   Solaris
                   Windows
Impact/Access:     Cross-site Scripting -- Remote with User Interaction
                   Denial of Service    -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-4792 CVE-2014-4762 

Original Bulletin: 
   http://www-01.ibm.com/support/docview.wss?uid=swg21681998

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Bulletin: Fixes available for Security Vulnerabilities in IBM 
WebSphere Portal (CVE-2014-4762; CVE-2014-4792)

Document information

More support for:
WebSphere Portal

Software version:
6.1, 7.0, 8.0, 8.5.0

Operating system(s):
AIX, HP-UX, IBM i, Linux, Solaris, Windows, i5/OS, z/OS

Reference #:
1681998

Modified date:
2014-09-09

Security Bulletin

Summary

Fixes are available for security vulnerabilities in IBM WebSphere Portal.

Vulnerability Details

Fixes are available for the following security vulnerabilities in IBM 
WebSphere Portal:

CVE-ID: CVE-2014-4762

DESCRIPTION:

IBM WebSphere Portal is vulnerable to cross-site scripting, caused by improper
validation of user-supplied input. A remote attacker could exploit this 
vulnerability using a specially-crafted URL to execute script in a victim's 
Web browser within the security context of the hosting Web site, once the URL
is clicked. An attacker could use this vulnerability to steal the victim's 
cookie-based authentication credentials.

CVSS:

CVSS Base Score: 3.5

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/94659 for the 
current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:M/Au:S/C:N/I:P/A:N)

AFFECTED PRODUCTS AND VERSIONS:

WebSphere Portal 8.5

WebSphere Portal 8.0

REMEDIATION:

The recommended solution is to apply PI21973 as soon as practical.

Fix: Apply an Interim Fix or a Cumulative Fix containing PI21973.

For 8.5.0

Upgrade to Cumulative Fix 02 (CF02).

(Combined Cumulative Fixes for WebSphere Portal 8.5.0.0: 
http://www-01.ibm.com/support/docview.wss?uid=swg24037786)

For 8.0.0 through 8.0.0.1

Upgrade to Fix Pack 8.0.0.1 with Cumulative Fix 13 (CF13) and then apply the 
Interim Fix PI21973.

(Combined Cumulative Fixes for WebSphere Portal 8.0.0.1: 
http://www-01.ibm.com/support/docview.wss?uid=swg24034497)

Additional details and manual fix guide (v8 and v85):

The fix is automatically deployed as part of a cumulative fix installation.

To install the fix manually, run the ConfigEngine task 
"apply-wcm-library-update-PI21973".

The deployment of this fix automatically modifies the corresponding web 
content menu component "List of Articles" in base Portal.

This component can be found in one of the following web content libraries:

- - For WebSphere Portal 8000: "Web Content Templates"

- - For WebSphere Portal 8001: "Web Content Templates 8001"

- - For WebSphere Portal 8500: "Web Content Templates 3.0"

The update cannot be done automatically in case this menu component was 
changed, renamed, or moved to another location.

If you are uncertain whether you have modified this component, please review 
the ConfigTrace.log in the wp_profile_root/ConfigEngine/log directory.

Open the ConfigTrace.log file and search for all occurrences of "[PI21973]". 
Verify that you see the following success message.

- - For WebSphere Portal 8000:

[PI21973]: The update was applied successfully to the web content library "Web
Content Templates".

- - For WebSphere Portal 8001:

[PI21973]: The update was applied successfully to the web content library "Web
Content Templates 8001".

- - For WebSphere Portal 8500:

[PI21973]: The update was applied successfully to the web content library "Web
Content Templates 3.0".

If the system was migrated from a previous release please verify that you see
a success message also for the migrated web content libraries.

If you cannot find this success message in the ConfigTrace.log the menu 
component could not be modified automatically or the fix has already been 
installed.
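The ConfigTrace.log check described above can be scripted so that every
"[PI21973]" line is accounted for, including the migrated libraries the
bulletin says to look for. This is an added example, not an IBM tool: the log
excerpt below is constructed (only the success message is quoted from the
bulletin; the "not found" line is a hypothetical non-success entry), and the
log path is the one the bulletin names.

```python
import re
import sys
from typing import Dict, List

# Constructed sample of ConfigTrace.log lines (not a real log). The success
# message matches the text quoted in the bulletin; the "not found" line is a
# hypothetical non-success entry used to show how such lines are reported.
SAMPLE_CONFIGTRACE = """\
[2014-09-10 09:12:01] action-apply-wcm-library-update-PI21973: starting
[PI21973]: The update was applied successfully to the web content library "Web Content Templates 3.0".
[PI21973]: The update was applied successfully to the web content library "Migrated Library".
[PI21973]: Menu component "List of Articles" not found in web content library "Custom Library"; no update applied.
[2014-09-10 09:12:09] action-apply-wcm-library-update-PI21973: finished
"""

# Success message as quoted in the bulletin, with the library name captured.
SUCCESS_RE = re.compile(
    r'\[PI21973\]: The update was applied successfully to the web content library "([^"]+)"'
)
TAG_RE = re.compile(r"\[PI21973\]")


def pi21973_status(log_text: str, expected_libraries: List[str]) -> Dict[str, object]:
    """Summarise every [PI21973] line in a ConfigTrace.log.

    Returns the libraries reported as updated, any other [PI21973] lines (which
    need a manual look), and the expected libraries with no success message,
    which per the bulletin means the menu component must be fixed by hand or
    the fix was already installed.
    """
    updated: List[str] = []
    other: List[str] = []
    for line in log_text.splitlines():
        if not TAG_RE.search(line):
            continue
        match = SUCCESS_RE.search(line)
        if match:
            updated.append(match.group(1))
        else:
            other.append(line.strip())
    missing = [lib for lib in expected_libraries if lib not in updated]
    return {"updated": updated, "other_pi21973_lines": other, "missing": missing}


if __name__ == "__main__":
    # Usage: python check_pi21973.py wp_profile_root/ConfigEngine/log/ConfigTrace.log "Web Content Templates 3.0"
    if len(sys.argv) >= 3:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
        expected = sys.argv[2:]
    else:
        text, expected = SAMPLE_CONFIGTRACE, ["Web Content Templates 3.0", "Custom Library"]
    result = pi21973_status(text, expected)
    print("updated:", result["updated"])
    print("missing:", result["missing"])
    for line in result["other_pi21973_lines"]:
        print("review:", line)
```

Pass the library name for your release ("Web Content Templates",
"Web Content Templates 8001" or "Web Content Templates 3.0") plus the names of
any migrated libraries; anything listed under "missing" has to be checked in
the Authoring Portlet.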

To manually apply the fix, replace all occurrences of the following text in 
the mentioned menu component using the Web Content Authoring Portlet.

In WebSphere Portal 8001 search for:

<span class='vcard X-sametime-resolve'>
<a target="" title="" href="javascript:SemTagMenu.a11y(event)" class="fn lotusPerson" onclick="return false;" tabindex="0">
[Property context="autofill" type="content" format="cn" field="creator"]
</a>
<span style="display: none;" class="uid">[Property context="autofill" type="content" format="dn" field="creator"]
</span>
</span>

In WebSphere Portal 8500 search for:

<span class='vcard X-sametime-resolve'>
<a title="" target="" href="javascript:SemTagMenu.a11y(event)" class="fn lotusPerson" onclick="return false;" tabindex="0">
[Property context="autofill" type="content" format="cn" field="creator"]
</a>
<span style="display: none;" class="uid">[Property context="autofill" type="content" format="dn" field="creator"]
</span>
</span>

Replace all occurrences with:

[Property context="autofill" type="content" format="cn" awareness="true" 
field="creator"]

In general it is recommended to use the "Property" web content tag together 
with the "awareness" attribute set to a value of "true" to generate a Person 
card in your web content.

In case the web content library was modified automatically by this fix a 
backup of the previous content of the web content library was exported into 
the wp_profile_root/PortalServer/wcm/ilwwcm/system/export directory.

To restore the backup unpack the exported file and import the library using 
the "export-wcm-data" task. For more information please see the topic 
"Exporting and importing a web content library" in the product documentation.

If you have syndicated the web content library to another virtual portal 
please syndicate the updated library again after the changes have been 
applied.

In case you created copies of the web content library please make sure to also
manually apply the fix to these copies.
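When several copies of the library exist, it is useful to check each copy's
menu component text for the old markup before editing it in the Authoring
Portlet. The script below is an added example, not IBM code: it assumes the
component body is available as text (for instance from an export), matches
both the 8001 and 8500 variants quoted above (they differ only in the order of
the title/target attributes), and performs the replacement the bulletin
specifies. The sample component is constructed.

```python
import re

# Old markup quoted in the bulletin. Whitespace between tokens is matched
# loosely and both attribute orders (target/title vs title/target) are accepted.
OLD_MARKUP_RE = re.compile(
    r"<span\s+class='vcard X-sametime-resolve'>\s*"
    r'<a\s+(?:target=""\s+title=""|title=""\s+target="")\s+'
    r'href="javascript:SemTagMenu\.a11y\(event\)"\s+class="fn\s+lotusPerson"\s+'
    r'onclick="return false;"\s+tabindex="0">\s*'
    r'\[Property context="autofill" type="content" format="cn" field="creator"\]\s*'
    r'</a>\s*'
    r'<span\s+style="display: none;"\s+class="uid">\s*'
    r'\[Property context="autofill"\s+type="content" format="dn" field="creator"\]\s*'
    r'</span>\s*</span>'
)

# Replacement text from the bulletin: the Property tag with awareness="true".
NEW_MARKUP = (
    '[Property context="autofill" type="content" format="cn" '
    'awareness="true" field="creator"]'
)

# Constructed sample of a "List of Articles" menu component body containing
# one 8500-style and one 8001-style occurrence plus unrelated markup.
SAMPLE_COMPONENT = """<div class="wcm-article-list">
<span class='vcard X-sametime-resolve'>
<a title="" target="" href="javascript:SemTagMenu.a11y(event)" class="fn lotusPerson" onclick="return false;" tabindex="0">
[Property context="autofill" type="content" format="cn" field="creator"]
</a>
<span style="display: none;" class="uid">[Property context="autofill" type="content" format="dn" field="creator"]
</span>
</span>
<p>[Property context="autofill" type="content" field="title"]</p>
<span class='vcard X-sametime-resolve'>
<a target="" title="" href="javascript:SemTagMenu.a11y(event)" class="fn lotusPerson" onclick="return false;" tabindex="0">
[Property context="autofill" type="content" format="cn" field="creator"]
</a>
<span style="display: none;" class="uid">[Property context="autofill" type="content" format="dn" field="creator"]
</span>
</span>
</div>
"""


def count_old_markup(component_text: str) -> int:
    """Number of unpatched occurrences still present in the component text."""
    return len(OLD_MARKUP_RE.findall(component_text))


def apply_pi21973(component_text: str) -> str:
    """Return the component text with every old occurrence replaced."""
    return OLD_MARKUP_RE.sub(NEW_MARKUP, component_text)


if __name__ == "__main__":
    print("unpatched occurrences:", count_old_markup(SAMPLE_COMPONENT))
    fixed = apply_pi21973(SAMPLE_COMPONENT)
    print("after fix:", count_old_markup(fixed))
    print(fixed)
```

Run count_old_markup over each library copy's component text; a non-zero
count means that copy still needs the manual replacement.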

Workaround: None.

Mitigation: None.

CVE-ID: CVE-2014-4792

DESCRIPTION:

IBM WebSphere Portal could allow a remote attacker to upload files. A remote 
attacker could upload a very large file that could fill the filesystem and 
cause a denial of service.

CVSS:

CVSS Base Score: 4.0

CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/95204 for the 
current score

CVSS Environmental Score*: Undefined

CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)

AFFECTED PRODUCTS AND VERSIONS:

WebSphere Portal 8.5

WebSphere Portal 8.0

WebSphere Portal 7

WebSphere Portal 6

REMEDIATION:

The recommended solution is to apply PI23334 as soon as practical.

Fix: Apply an Interim Fix or a Cumulative Fix containing PI23334.

For 8.5.0

Upgrade to Cumulative Fix 02 (CF02).

(Combined Cumulative Fixes for WebSphere Portal 8.5.0.0: 
http://www-01.ibm.com/support/docview.wss?uid=swg24037786)

For 8.0.0 through 8.0.0.1

Upgrade to Fix Pack 8.0.0.1 with Cumulative Fix 13 (CF13) and then apply the 
Interim Fix PI23334.

(Combined Cumulative Fixes for WebSphere Portal 8.0.0.1: 
http://www-01.ibm.com/support/docview.wss?uid=swg24034497)

For 7.0.0 through 7.0.0.2

Upgrade to Fix Pack 7.0.0.2 with Cumulative Fix 28 (CF28) and then apply the 
Interim Fix PI23334.

(Combined Cumulative Fixes for WebSphere Portal 7.0.0.2: 
http://www.ibm.com/support/docview.wss?uid=swg24029452)

For 6.1.5.0 through 6.1.5.3

Upgrade to Fix Pack 6.1.5.3 with Cumulative Fix 27 (CF27) and then apply the 
Interim Fix PI23334.

(Cumulative Fixes for WebSphere Portal 6.1.5.3: 
http://www-01.ibm.com/support/docview.wss?uid=swg24023835)

For 6.1.0.0 through 6.1.0.6

Upgrade to Fix Pack 6.1.0.6 with Cumulative Fix 27 (CF27) and then apply the 
Interim Fix PI23334.

(Cumulative fixes for WebSphere Portal 6.1.0.6: 
http://www-01.ibm.com/support/docview.wss?uid=swg24023835)

Workaround: None.

Mitigation: None.

Important note

IBM strongly suggests that all System z customers be subscribed to the System z
Security Portal to receive the latest critical System z security and integrity
service. If you are not subscribed, see the instructions on the System z
Security web site. Security and integrity APARs and associated fixes will be
posted to this portal.

IBM suggests reviewing the CVSS scores and applying all security or integrity
fixes as soon as possible to minimize any potential risk.

References

Complete CVSS Guide
On-line Calculator V2

Related information

IBM Secure Engineering Web Portal
IBM Product Security Incident Response Blog

Change History

2014-09-09: Original Copy Published

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the impact of
this vulnerability in their environments by accessing the links in the
Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST), the
Common Vulnerability Scoring System (CVSS) is an "industry open standard
designed to convey vulnerability severity and help to determine urgency and
priority of response." IBM PROVIDES THE CVSS SCORES "AS IS" WITHOUT WARRANTY OF
ANY KIND, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE. CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY
ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
-----END PGP SIGNATURE-----