CVE-2014-0954: Input Validation
First published: Thu May 22 2014(Updated: )
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM WebSphere Portal | =6.1.0.0 | |
| IBM WebSphere Portal | =6.1.0.1 | |
| IBM WebSphere Portal | =6.1.0.2 | |
| IBM WebSphere Portal | =6.1.0.3 | |
| IBM WebSphere Portal | =6.1.0.4 | |
| IBM WebSphere Portal | =6.1.0.5 | |
| IBM WebSphere Portal | =6.1.0.6 | |
| IBM WebSphere Portal | =6.1.0.6-cf27 | |
| IBM WebSphere Portal | =6.1.5.0 | |
| IBM WebSphere Portal | =6.1.5.1 | |
| IBM WebSphere Portal | =6.1.5.2 | |
| IBM WebSphere Portal | =6.1.5.3 | |
| IBM WebSphere Portal | =6.1.5.3-cf27 | |
| IBM WebSphere Portal | =7.0.0.0 | |
| IBM WebSphere Portal | =7.0.0.0-cf001 | |
| IBM WebSphere Portal | =7.0.0.1 | |
| IBM WebSphere Portal | =7.0.0.1-cf002 | |
| IBM WebSphere Portal | =7.0.0.1-cf003 | |
| IBM WebSphere Portal | =7.0.0.1-cf004 | |
| IBM WebSphere Portal | =7.0.0.1-cf005 | |
| IBM WebSphere Portal | =7.0.0.1-cf006 | |
| IBM WebSphere Portal | =7.0.0.1-cf007 | |
| IBM WebSphere Portal | =7.0.0.1-cf008 | |
| IBM WebSphere Portal | =7.0.0.1-cf009 | |
| IBM WebSphere Portal | =7.0.0.1-cf010 | |
| IBM WebSphere Portal | =7.0.0.1-cf019 | |
| IBM WebSphere Portal | =7.0.0.2 | |
| IBM WebSphere Portal | =7.0.0.2-cf011 | |
| IBM WebSphere Portal | =7.0.0.2-cf012 | |
| IBM WebSphere Portal | =7.0.0.2-cf013 | |
| IBM WebSphere Portal | =7.0.0.2-cf014 | |
| IBM WebSphere Portal | =7.0.0.2-cf015 | |
| IBM WebSphere Portal | =7.0.0.2-cf016 | |
| IBM WebSphere Portal | =7.0.0.2-cf017 | |
| IBM WebSphere Portal | =7.0.0.2-cf018 | |
| IBM WebSphere Portal | =7.0.0.2-cf019 | |
| IBM WebSphere Portal | =7.0.0.2-cf020 | |
| IBM WebSphere Portal | =7.0.0.2-cf021 | |
| IBM WebSphere Portal | =7.0.0.2-cf022 | |
| IBM WebSphere Portal | =7.0.0.2-cf23 | |
| IBM WebSphere Portal | =7.0.0.2-cf24 | |
| IBM WebSphere Portal | =7.0.0.2-cf25 | |
| IBM WebSphere Portal | =7.0.0.2-cf26 | |
| IBM WebSphere Portal | =7.0.0.2-cf27 | |
| IBM WebSphere Portal | =8.0.0.0 | |
| IBM WebSphere Portal | =8.0.0.0-cf01 | |
| IBM WebSphere Portal | =8.0.0.0-cf02 | |
| IBM WebSphere Portal | =8.0.0.0-cf03 | |
| IBM WebSphere Portal | =8.0.0.0-cf04 | |
| IBM WebSphere Portal | =8.0.0.0-cf05 | |
| IBM WebSphere Portal | =8.0.0.1 | |
| IBM WebSphere Portal | =8.0.0.1-cf04 | |
| IBM WebSphere Portal | =8.0.0.1-cf05 | |
| IBM WebSphere Portal | =8.0.0.1-cf07 | |
| IBM WebSphere Portal | =8.0.0.1-cf08 | |
| IBM WebSphere Portal | =8.0.0.1-cf09 | |
| IBM WebSphere Portal | =8.0.0.1-cf10 | |
| IBM WebSphere Portal | =8.0.0.1-cf11 | |
| =6.1.0.0 | ||
| =6.1.0.1 | ||
| =6.1.0.2 | ||
| =6.1.0.3 | ||
| =6.1.0.4 | ||
| =6.1.0.5 | ||
| =6.1.0.6 | ||
| =6.1.0.6-cf27 | ||
| =6.1.5.0 | ||
| =6.1.5.1 | ||
| =6.1.5.2 | ||
| =6.1.5.3 | ||
| =6.1.5.3-cf27 | ||
| =7.0.0.0 | ||
| =7.0.0.0-cf001 | ||
| =7.0.0.1 | ||
| =7.0.0.1-cf002 | ||
| =7.0.0.1-cf003 | ||
| =7.0.0.1-cf004 | ||
| =7.0.0.1-cf005 | ||
| =7.0.0.1-cf006 | ||
| =7.0.0.1-cf007 | ||
| =7.0.0.1-cf008 | ||
| =7.0.0.1-cf009 | ||
| =7.0.0.1-cf010 | ||
| =7.0.0.1-cf019 | ||
| =7.0.0.2 | ||
| =7.0.0.2-cf011 | ||
| =7.0.0.2-cf012 | ||
| =7.0.0.2-cf013 | ||
| =7.0.0.2-cf014 | ||
| =7.0.0.2-cf015 | ||
| =7.0.0.2-cf016 | ||
| =7.0.0.2-cf017 | ||
| =7.0.0.2-cf018 | ||
| =7.0.0.2-cf019 | ||
| =7.0.0.2-cf020 | ||
| =7.0.0.2-cf021 | ||
| =7.0.0.2-cf022 | ||
| =7.0.0.2-cf23 | ||
| =7.0.0.2-cf24 | ||
| =7.0.0.2-cf25 | ||
| =7.0.0.2-cf26 | ||
| =7.0.0.2-cf27 | ||
| =8.0.0.0 | ||
| =8.0.0.0-cf01 | ||
| =8.0.0.0-cf02 | ||
| =8.0.0.0-cf03 | ||
| =8.0.0.0-cf04 | ||
| =8.0.0.0-cf05 | ||
| =8.0.0.1 | ||
| =8.0.0.1-cf04 | ||
| =8.0.0.1-cf05 | ||
| =8.0.0.1-cf07 | ||
| =8.0.0.1-cf08 | ||
| =8.0.0.1-cf09 | ||
| =8.0.0.1-cf10 | ||
| =8.0.0.1-cf11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-0954?
CVE-2014-0954 is rated as a medium to high severity vulnerability due to potential unauthorized access to sensitive information.
How do I fix CVE-2014-0954?
To fix CVE-2014-0954, apply the latest security patches provided by IBM for WebSphere Portal installations.
What versions are affected by CVE-2014-0954?
CVE-2014-0954 affects IBM WebSphere Portal versions 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12.
What type of attacks can CVE-2014-0954 enable?
CVE-2014-0954 can allow remote attackers to obtain sensitive information and bypass request-dispatcher access restrictions.
Is there a workaround for CVE-2014-0954 until I can patch?
Implementing strict input validation and access controls can serve as a temporary workaround for CVE-2014-0954.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/remedy
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/ibm
- canonical/ibm websphere portal
- version/ibm websphere portal/6.1.0.0
- version/ibm websphere portal/6.1.0.1
- version/ibm websphere portal/6.1.0.2
- version/ibm websphere portal/6.1.0.3
- version/ibm websphere portal/6.1.0.4
- version/ibm websphere portal/6.1.0.5
- version/ibm websphere portal/6.1.0.6
- version/ibm websphere portal/6.1.0.6-cf27
- version/ibm websphere portal/6.1.5.0
- version/ibm websphere portal/6.1.5.1
- version/ibm websphere portal/6.1.5.2
- version/ibm websphere portal/6.1.5.3
- version/ibm websphere portal/6.1.5.3-cf27
- version/ibm websphere portal/7.0.0.0
- version/ibm websphere portal/7.0.0.0-cf001
- version/ibm websphere portal/7.0.0.1
- version/ibm websphere portal/7.0.0.1-cf002
- version/ibm websphere portal/7.0.0.1-cf003
- version/ibm websphere portal/7.0.0.1-cf004
- version/ibm websphere portal/7.0.0.1-cf005
- version/ibm websphere portal/7.0.0.1-cf006
- version/ibm websphere portal/7.0.0.1-cf007
- version/ibm websphere portal/7.0.0.1-cf008
- version/ibm websphere portal/7.0.0.1-cf009
- version/ibm websphere portal/7.0.0.1-cf010
- version/ibm websphere portal/7.0.0.1-cf019
- version/ibm websphere portal/7.0.0.2
- version/ibm websphere portal/7.0.0.2-cf011
- version/ibm websphere portal/7.0.0.2-cf012
- version/ibm websphere portal/7.0.0.2-cf013
- version/ibm websphere portal/7.0.0.2-cf014
- version/ibm websphere portal/7.0.0.2-cf015
- version/ibm websphere portal/7.0.0.2-cf016
- version/ibm websphere portal/7.0.0.2-cf017
- version/ibm websphere portal/7.0.0.2-cf018
- version/ibm websphere portal/7.0.0.2-cf019
- version/ibm websphere portal/7.0.0.2-cf020
- version/ibm websphere portal/7.0.0.2-cf021
- version/ibm websphere portal/7.0.0.2-cf022
- version/ibm websphere portal/7.0.0.2-cf23
- version/ibm websphere portal/7.0.0.2-cf24
- version/ibm websphere portal/7.0.0.2-cf25
- version/ibm websphere portal/7.0.0.2-cf26
- version/ibm websphere portal/7.0.0.2-cf27
- version/ibm websphere portal/8.0.0.0
- version/ibm websphere portal/8.0.0.0-cf01
- version/ibm websphere portal/8.0.0.0-cf02
- version/ibm websphere portal/8.0.0.0-cf03
- version/ibm websphere portal/8.0.0.0-cf04
- version/ibm websphere portal/8.0.0.0-cf05
- version/ibm websphere portal/8.0.0.1
- version/ibm websphere portal/8.0.0.1-cf04
- version/ibm websphere portal/8.0.0.1-cf05
- version/ibm websphere portal/8.0.0.1-cf07
- version/ibm websphere portal/8.0.0.1-cf08
- version/ibm websphere portal/8.0.0.1-cf09
- version/ibm websphere portal/8.0.0.1-cf10
- version/ibm websphere portal/8.0.0.1-cf11