CVE-2012-4834: Path Traversal
First published: Fri Nov 30 2012(Updated: )
Directory traversal vulnerability in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03 allows remote attackers to read arbitrary files via a crafted URI.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Portal | =7.0.0.1 | |
| IBM WebSphere Portal | =7.0.0.1-cf002 | |
| IBM WebSphere Portal | =7.0.0.1-cf003 | |
| IBM WebSphere Portal | =7.0.0.1-cf004 | |
| IBM WebSphere Portal | =7.0.0.1-cf005 | |
| IBM WebSphere Portal | =7.0.0.1-cf006 | |
| IBM WebSphere Portal | =7.0.0.1-cf007 | |
| IBM WebSphere Portal | =7.0.0.1-cf008 | |
| IBM WebSphere Portal | =7.0.0.1-cf009 | |
| IBM WebSphere Portal | =7.0.0.1-cf010 | |
| IBM WebSphere Portal | =7.0.0.1-cf011 | |
| IBM WebSphere Portal | =7.0.0.1-cf012 | |
| IBM WebSphere Portal | =7.0.0.1-cf013 | |
| IBM WebSphere Portal | =7.0.0.1-cf014 | |
| IBM WebSphere Portal | =7.0.0.1-cf015 | |
| IBM WebSphere Portal | =7.0.0.1-cf016 | |
| IBM WebSphere Portal | =7.0.0.1-cf017 | |
| IBM WebSphere Portal | =7.0.0.1-cf018 | |
| IBM WebSphere Portal | =7.0.0.2 | |
| IBM WebSphere Portal | =7.0.0.2-cf002 | |
| IBM WebSphere Portal | =7.0.0.2-cf003 | |
| IBM WebSphere Portal | =7.0.0.2-cf004 | |
| IBM WebSphere Portal | =7.0.0.2-cf005 | |
| IBM WebSphere Portal | =7.0.0.2-cf006 | |
| IBM WebSphere Portal | =7.0.0.2-cf007 | |
| IBM WebSphere Portal | =7.0.0.2-cf008 | |
| IBM WebSphere Portal | =7.0.0.2-cf009 | |
| IBM WebSphere Portal | =7.0.0.2-cf010 | |
| IBM WebSphere Portal | =7.0.0.2-cf011 | |
| IBM WebSphere Portal | =7.0.0.2-cf012 | |
| IBM WebSphere Portal | =7.0.0.2-cf013 | |
| IBM WebSphere Portal | =7.0.0.2-cf014 | |
| IBM WebSphere Portal | =7.0.0.2-cf015 | |
| IBM WebSphere Portal | =7.0.0.2-cf016 | |
| IBM WebSphere Portal | =7.0.0.2-cf017 | |
| IBM WebSphere Portal | =7.0.0.2-cf018 | |
| IBM WebSphere Portal | =8.0.0.0 | |
| IBM WebSphere Portal | =8.0.0.0-cf01 | |
| IBM WebSphere Portal | =8.0.0.0-cf02 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/51281
- http://www-01.ibm.com/support/docview.wss?uid=swg1PM76354
- http://www.ibm.com/connections/blogs/PSIRT/entry/security_vulnerability_in_theme_component_for_websphere_portal_versions_7_0_0_x_and_8_0_cve2012_48344
- http://www.ibm.com/support/docview.wss?uid=swg21617713
- http://www.ibm.com/support/docview.wss?uid=swg24033155
- https://exchange.xforce.ibmcloud.com/vulnerabilities/78914
- collector/nvd-index
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/tags
- agent/event
- agent/type
- vendor/ibm
- canonical/ibm websphere portal
- version/ibm websphere portal/7.0.0.1
- version/ibm websphere portal/7.0.0.1-cf002
- version/ibm websphere portal/7.0.0.1-cf003
- version/ibm websphere portal/7.0.0.1-cf004
- version/ibm websphere portal/7.0.0.1-cf005
- version/ibm websphere portal/7.0.0.1-cf006
- version/ibm websphere portal/7.0.0.1-cf007
- version/ibm websphere portal/7.0.0.1-cf008
- version/ibm websphere portal/7.0.0.1-cf009
- version/ibm websphere portal/7.0.0.1-cf010
- version/ibm websphere portal/7.0.0.1-cf011
- version/ibm websphere portal/7.0.0.1-cf012
- version/ibm websphere portal/7.0.0.1-cf013
- version/ibm websphere portal/7.0.0.1-cf014
- version/ibm websphere portal/7.0.0.1-cf015
- version/ibm websphere portal/7.0.0.1-cf016
- version/ibm websphere portal/7.0.0.1-cf017
- version/ibm websphere portal/7.0.0.1-cf018
- version/ibm websphere portal/7.0.0.2
- version/ibm websphere portal/7.0.0.2-cf002
- version/ibm websphere portal/7.0.0.2-cf003
- version/ibm websphere portal/7.0.0.2-cf004
- version/ibm websphere portal/7.0.0.2-cf005
- version/ibm websphere portal/7.0.0.2-cf006
- version/ibm websphere portal/7.0.0.2-cf007
- version/ibm websphere portal/7.0.0.2-cf008
- version/ibm websphere portal/7.0.0.2-cf009
- version/ibm websphere portal/7.0.0.2-cf010
- version/ibm websphere portal/7.0.0.2-cf011
- version/ibm websphere portal/7.0.0.2-cf012
- version/ibm websphere portal/7.0.0.2-cf013
- version/ibm websphere portal/7.0.0.2-cf014
- version/ibm websphere portal/7.0.0.2-cf015
- version/ibm websphere portal/7.0.0.2-cf016
- version/ibm websphere portal/7.0.0.2-cf017
- version/ibm websphere portal/7.0.0.2-cf018
- version/ibm websphere portal/8.0.0.0
- version/ibm websphere portal/8.0.0.0-cf01
- version/ibm websphere portal/8.0.0.0-cf02