Path traversal in WebSphere Portal - CVE-2012-4834

 


Published: November 30, 2012 / Updated: August 11, 2020


Vulnerability identifier: #VU43284
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2012-4834
CWE-ID: CWE-22
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: IBM Corporation
Affected software:
WebSphere Portal

Detailed vulnerability description

The vulnerability allows a remote attacker to perform directory traversal attacks.

The vulnerability exists due to an input validation error when processing directory traversal sequences in LayerLoader.jsp in the theme component in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF19 and 8.0 before CF03. A remote authenticated attacker can send a specially crafted HTTP request with a crafted URI and read arbitrary files.
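For defenders reviewing web server access logs, the following added example (not part of the original advisory and not IBM code) flags requests that address LayerLoader.jsp and carry directory traversal sequences, including percent-encoded, double-encoded and backslash variants. The log format, the `/placeholder/` URL prefix, the `param` query parameter and all sample lines are constructed assumptions; the advisory does not name the affected parameter.

```python
import re
from urllib.parse import unquote, urlsplit

# Request field of a Common Log Format line: "METHOD URI PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET = "layerloader.jsp"   # JSP named in the advisory, compared case-insensitively
MAX_DECODE_ROUNDS = 5        # bound the work spent on nested percent-encoding

def fully_decode(value):
    """Percent-decode repeatedly so that %252e%252e is seen as '..'."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(uri):
    """True if any path or query component is a '..' segment after decoding."""
    normalized = fully_decode(uri).replace("\\", "/")
    return any(seg == ".." for seg in re.split(r"[/?&=;]", normalized))

def suspicious_requests(log_lines):
    """Return URIs that address LayerLoader.jsp and contain traversal segments."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        uri = match.group(1)
        path = fully_decode(urlsplit(uri).path).lower()
        if TARGET in path and has_traversal(uri):
            hits.append(uri)
    return hits

# Constructed sample lines; path prefix and parameter name are hypothetical.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Dec/2012:10:00:00 +0000] "GET /placeholder/LayerLoader.jsp?param=layer1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Dec/2012:10:00:05 +0000] "GET /placeholder/LayerLoader.jsp?param=..%2f..%2fconf%2ffile.txt HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Dec/2012:10:00:09 +0000] "GET /placeholder/LayerLoader.jsp?param=%252e%252e%252ffile.txt HTTP/1.1" 200 90',
    '198.51.100.7 - - [01/Dec/2012:10:00:12 +0000] "GET /placeholder/LayerLoader.jsp?param=..%5c..%5cfile.txt HTTP/1.1" 404 0',
    '203.0.113.9 - - [01/Dec/2012:10:01:00 +0000] "GET /placeholder/other.jsp?param=../file.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for uri in suspicious_requests(SAMPLE_LOG):
        print("traversal sequence in LayerLoader.jsp request:", uri)
```

A hit with a 200 status and a response size that differs from normal theme responses deserves the closest look, since it may indicate that file contents were returned.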


How to mitigate CVE-2012-4834

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
