CVE-2014-0954

by Fred · 22/05/2014

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.

Date published : 2014-05-22

http://www-01.ibm.com/support/docview.wss?uid=swg1PI15723

http://www-01.ibm.com/support/docview.wss?uid=swg21672572

CVE-2014-0954

Similar

Recent Posts

Categories

CVE-2014-0954

Share this:

Similar

Recent Posts

Categories

Tags