CVE-2014-0954
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.
View in NVD
Severity
N/A
EPSS
Exploitation probability (next 30 days): 0.0025 (0.3%)
Percentile: 48.6%
EPSS: 2026-05-06
Affects
ibm:websphere_portal
Published: 22/5/2014, 11:14:14
Last modified: 6/5/2026, 22:30:45
References
- http://www-01.ibm.com/support/docview.wss?uid=swg1PI15723
- http://www-01.ibm.com/support/docview.wss?uid=swg21672572
- https://exchange.xforce.ibmcloud.com/vulnerabilities/92627