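Synopsis
The web portal software installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of IBM WebSphere Portal installed on the remote Windows host is 8.5.0 prior to 8.5.0.0 CF14 or 9.0.0 prior to CF14. It is, therefore, affected by the following vulnerabilities: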
- Multiple cross-site scripting (XSS) vulnerabilities exist in the web UI due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit these, via a specially crafted request, to execute arbitrary script code in a user's browser session. (CVE-2017-1120, CVE-2017-1217)
- A cross-site redirection vulnerability exists due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this, by convincing a user to follow a specially crafted link, to redirect the unsuspecting user from an intended trusted website to an arbitrary website of the attacker's choosing, which then can be used to conduct further attacks. (CVE-2017-1156)
- A use-after-free error exists in the Outside In Filters subcomponent when handling PageHeight and PageWidth values in VSDX files. An unauthenticated, remote attacker can exploit this to dereference already freed memory, resulting in the execution of arbitrary code. (CVE-2017-3266)
- Multiple unspecified flaws exist in the Outside In Filters subcomponent that allow an unauthenticated, remote attacker to cause a denial of service condition. (CVE-2017-3267, CVE-2017-3268, CVE-2017-3270)
- Multiple unspecified flaws exist in the Outside In Filters subcomponent that allow an unauthenticated, remote attacker to impact confidentiality, integrity, and availability. (CVE-2017-3269, CVE-2017-3271, CVE-2017-3293)
- A denial of service vulnerability exists in the Outside In Filters subcomponent, specifically in the Content Access functionality within the vspdf.dll library, when parsing the /Pages key in a Catalog Dictionary. An unauthenticated, remote attacker can exploit this, via a specially crafted PDF file, to crash an application linked to the library. (CVE-2017-3294)
- A denial of service vulnerability exists in the Outside In Filters subcomponent, specifically in the Content Access functionality within the vspdf.dll library, when parsing the /Matrix entry in a /CalRGB element within a PDF file. An unauthenticated, remote attacker can exploit this, via a specially crafted PDF file that triggers an invalid read, to crash an application linked to the library. (CVE-2017-3295)
Solution
Upgrade to IBM WebSphere Portal version 8.5.0 CF14 / 9.0.0 CF14 or later.
Plugin Details
File Name: websphere_portal_cve-2017-1120.nasl
Agent: windows
Supported Sensors: Nessus Agent, Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:ibm:websphere_portal
Required KB Items: installed_sw/IBM WebSphere Portal
Exploit Ease: No known exploits are available
Reference Information
CVE: CVE-2017-1120, CVE-2017-1156, CVE-2017-1217, CVE-2017-3266, CVE-2017-3267, CVE-2017-3268, CVE-2017-3269, CVE-2017-3270, CVE-2017-3271, CVE-2017-3293, CVE-2017-3294, CVE-2017-3295
BID: 95507, 95513, 95522, 95524, 95529, 95532, 95534, 95536, 95539, 97075, 98340, 99350