Path traversal in WebSphere Portal

#VU8566 Path traversal in WebSphere Portal

Published: 2017-09-21 | Updated: 2017-09-21

Vulnerability identifier: #VU8566

Vulnerability risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-1577

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
WebSphere Portal
Server applications / Application servers

Vendor: IBM Corporation

Description

The vulnerability allows a remote attacker to read arbitrary files on the target system.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can use a specially crafted URL, containing directory traversal sequences (e.g. “../”) to view contents of arbitrary files on the target system.

Mitigation
Install updates from vendor's website:

Product	VRMF	Fix
IBM WebSphere Portal	9.0	Upgrade to Cumulative Fix 15 (CF15), targeted for 4Q 2017. OR Upgrade to either Cumulative Fix 13 (CF13) or Cumulative Fix 14 (CF14). Then apply the Interim Fix PI87495. (Combined Cumulative Fixes for WebSphere Portal 9.0.0.0)
IBM WebSphere Portal	8.5	Upgrade to Cumulative Fix 15 (CF15), targeted for 4Q 2017. OR Upgrade to either Cumulative Fix 13 (CF13) or Cumulative Fix 14 (CF14). Then apply the Interim Fix PI87495. (Combined Cumulative Fixes for WebSphere Portal 8.5.0.0)
IBM WebSphere Portal	8.0.0.0 through 8.0.0.1	Upgrade to Fix Pack 8.0.0.1 with Cumulative Fix 22 (CF22) and then apply the Interim Fix PI87495. (Combined Cumulative Fixes for WebSphere Portal 8.0.0.1)
IBM WebSphere Portal	7.0.0.0 through 7.0.0.2	Upgrade to Fix Pack 7.0.0.2 with Cumulative Fix 30 (CF30) and then apply the Interim Fix PI87495. (Combined Cumulative fixes for WebSphere Portal 7.0.0.2)

Vulnerable software versions

WebSphere Portal: 7.0.0 - 9.0.0.0

External links
http://www-01.ibm.com/support/docview.wss?uid=swg22008586

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Directory traversal in IBM WebSphere Portal