IBM WebSphere Portal 6.1.0 up to and including 6.1.0.6 CF27, 6.1.5 up to and including 6.1.5.3 CF27, 7.0 up to and including 7.0.0.2 CF28, and 8.0 prior to 8.0.0.1 CF12 does not validate JSP includes, which allows remote malicious users to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibm websphere portal 6.1.5.3 |
||
ibm websphere portal 6.1.0.6 |
||
ibm websphere portal 8.0.0.1 |
||
ibm websphere portal 7.0.0.0 |
||
ibm websphere portal 7.0.0.1 |
||
ibm websphere portal 7.0.0.2 |
||
ibm websphere portal 6.1.5.0 |
||
ibm websphere portal 6.1.5.1 |
||
ibm websphere portal 6.1.0.4 |
||
ibm websphere portal 6.1.0.5 |
||
ibm websphere portal 8.0.0.0 |
||
ibm websphere portal 6.1.0.0 |
||
ibm websphere portal 6.1.0.1 |
||
ibm websphere portal 6.1.0.2 |
||
ibm websphere portal 6.1.0.3 |
||
ibm websphere portal 6.1.5.2 |