Improper input validation in WebSphere Portal - CVE-2016-5954
Published: September 12, 2016 / Updated: February 1, 2017
Vulnerability identifier: #VU404
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2016-5954
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: IBM Corporation
Affected software:
WebSphere Portal
Detailed vulnerability description
The vulnerability allows a remote authenticated user to cause denial of service.
The weakness exists in IBM WebSphere Portal due to the possibility of uploading temporary files. A remote authenticated attacker can cause denial of service (DoS).
Successful exploitation of this vulnerability may result in denial of service.
How to mitigate CVE-2016-5954
The recommended solution is to apply Interim Fix PI67037 or a Cumulative Fix containing it as soon as practical.
For 8.5.0
- Upgrade to Cumulative Fix 12 (CF12).
(Combined Cumulative Fixes for WebSphere Portal 8.5.0.0: http://www-01.ibm.com/support/docview.wss?uid=swg24037786)
For 8.0.0 through 8.0.0.1
- Upgrade to Fix Pack 8.0.0.1 with Cumulative Fix 21 (CF21) and then apply the Interim Fix PI67037.
(Combined Cumulative Fixes for WebSphere Portal 8.0.0.1: http://www-01.ibm.com/support/docview.wss?uid=swg24034497)
For 7.0.0 through 7.0.0.2
- Upgrade to Fix Pack 7.0.0.2 with Cumulative Fix 30 (CF30) and then apply the Interim Fix PI67037.
(Combined Cumulative fixes for WebSphere Portal 7.0.0.2: http://www.ibm.com/support/docview.wss?uid=swg24029452)
For 6.1.5.0 through 6.1.5.3
- Upgrade to Fix Pack 6.1.5.3 with Cumulative Fix 27 (CF27) and then apply the Interim Fix PI67037.
(Cumulative fixes for WebSphere Portal 6.1.5.3: http://www-01.ibm.com/support/docview.wss?uid=swg24023835)
For 6.1.0.0 through 6.1.0.6
- Upgrade to Fix Pack 6.1.0.6 with Cumulative Fix 27 (CF27) and then apply the Interim Fix PI67037.
(Cumulative fixes for WebSphere Portal 6.1.0.6: http://www-01.ibm.com/support/docview.wss?uid=swg24023835)