What is the severity of CVE-2014-0891?

CVE-2014-0891 is classified as a moderate severity vulnerability.

How do I fix CVE-2014-0891?

To mitigate CVE-2014-0891, upgrade IBM WebSphere Application Server to the latest patched version as recommended by IBM.

What versions of IBM WebSphere Application Server are affected by CVE-2014-0891?

CVE-2014-0891 affects IBM WebSphere Application Server versions 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2.

What type of attacks does CVE-2014-0891 enable?

CVE-2014-0891 allows remote attackers to obtain sensitive information through incorrect request handling by the Proxy or ODR server.

Is there a workaround for CVE-2014-0891 if I cannot immediately upgrade?

There are no known workarounds for CVE-2014-0891, and immediate upgrading is the recommended course of action.

Vulnerability/
CVE-2014-0891

medium

CWE

200

28/6/2014

6/8/2024

CVE-2014-0891: Infoleak

First published: Sat Jun 28 2014(Updated: )

IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2 allows remote attackers to obtain sensitive information by leveraging incorrect request handling by the (1) Proxy or (2) ODR server.

Credit: psirt@us.ibm.com

Affected Software	Affected Version	How to fix
IBM WebSphere Application Server Feature Pack for Web Services	=7.0
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.1
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.2
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.3
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.4
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.5
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.6
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.7
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.8
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.9
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.10
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.11
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.12
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.13
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.14
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.15
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.16
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.17
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.18
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.19
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.21
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.22
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.23
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.24
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.25
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.27
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.29
IBM WebSphere Application Server Feature Pack for Web Services	=7.0.0.31
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.0.0
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.0.1
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.0.2
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.0
IBM WebSphere Application Server Feature Pack for Web Services	=8.5.5.1
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.0
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.1
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.2
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.3
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.4
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.5
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.6
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.7
IBM WebSphere Application Server Feature Pack for Web Services	=8.0.0.8

Remedy

http://www-01.ibm.com/support/docview.wss?uid=swg21676091

Remedy

http://www-01.ibm.com/support/docview.wss?uid=swg21676092

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-0891?
CVE-2014-0891 is classified as a moderate severity vulnerability.
How do I fix CVE-2014-0891?
To mitigate CVE-2014-0891, upgrade IBM WebSphere Application Server to the latest patched version as recommended by IBM.
What versions of IBM WebSphere Application Server are affected by CVE-2014-0891?
CVE-2014-0891 affects IBM WebSphere Application Server versions 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.2.
What type of attacks does CVE-2014-0891 enable?
CVE-2014-0891 allows remote attackers to obtain sensitive information through incorrect request handling by the Proxy or ODR server.
Is there a workaround for CVE-2014-0891 if I cannot immediately upgrade?
There are no known workarounds for CVE-2014-0891, and immediate upgrading is the recommended course of action.

agent/type
agent/remedy
collector/mitre-cve
source/MITRE
agent/weakness
agent/last-modified-date
agent/references
agent/severity
agent/author
agent/first-publish-date
agent/description
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/ibm
canonical/ibm websphere application server feature pack for web services
version/ibm websphere application server feature pack for web services/7.0
version/ibm websphere application server feature pack for web services/7.0.0.1
version/ibm websphere application server feature pack for web services/7.0.0.2
version/ibm websphere application server feature pack for web services/7.0.0.3
version/ibm websphere application server feature pack for web services/7.0.0.4
version/ibm websphere application server feature pack for web services/7.0.0.5
version/ibm websphere application server feature pack for web services/7.0.0.6
version/ibm websphere application server feature pack for web services/7.0.0.7
version/ibm websphere application server feature pack for web services/7.0.0.8
version/ibm websphere application server feature pack for web services/7.0.0.9
version/ibm websphere application server feature pack for web services/7.0.0.10
version/ibm websphere application server feature pack for web services/7.0.0.11
version/ibm websphere application server feature pack for web services/7.0.0.12
version/ibm websphere application server feature pack for web services/7.0.0.13
version/ibm websphere application server feature pack for web services/7.0.0.14
version/ibm websphere application server feature pack for web services/7.0.0.15
version/ibm websphere application server feature pack for web services/7.0.0.16
version/ibm websphere application server feature pack for web services/7.0.0.17
version/ibm websphere application server feature pack for web services/7.0.0.18
version/ibm websphere application server feature pack for web services/7.0.0.19
version/ibm websphere application server feature pack for web services/7.0.0.21
version/ibm websphere application server feature pack for web services/7.0.0.22
version/ibm websphere application server feature pack for web services/7.0.0.23
version/ibm websphere application server feature pack for web services/7.0.0.24
version/ibm websphere application server feature pack for web services/7.0.0.25
version/ibm websphere application server feature pack for web services/7.0.0.27
version/ibm websphere application server feature pack for web services/7.0.0.29
version/ibm websphere application server feature pack for web services/7.0.0.31
version/ibm websphere application server feature pack for web services/8.5.0.0
version/ibm websphere application server feature pack for web services/8.5.0.1
version/ibm websphere application server feature pack for web services/8.5.0.2
version/ibm websphere application server feature pack for web services/8.5.5.0
version/ibm websphere application server feature pack for web services/8.5.5.1
version/ibm websphere application server feature pack for web services/8.0.0.0
version/ibm websphere application server feature pack for web services/8.0.0.1
version/ibm websphere application server feature pack for web services/8.0.0.2
version/ibm websphere application server feature pack for web services/8.0.0.3
version/ibm websphere application server feature pack for web services/8.0.0.4
version/ibm websphere application server feature pack for web services/8.0.0.5
version/ibm websphere application server feature pack for web services/8.0.0.6
version/ibm websphere application server feature pack for web services/8.0.0.7
version/ibm websphere application server feature pack for web services/8.0.0.8

CVE-2014-0891: Infoleak

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2014-0891?

How do I fix CVE-2014-0891?

What versions of IBM WebSphere Application Server are affected by CVE-2014-0891?

What type of attacks does CVE-2014-0891 enable?

Is there a workaround for CVE-2014-0891 if I cannot immediately upgrade?

Company

Resources

Contact