Summary
IBM Web Content Manager is prone to an XPath-injection vulnerability.
Impact
An attacker can exploit this issue by manipulating the XPath query logic to carry out unauthorized actions on the application.
Solution
Updates are available. Please see the references or vendor advisory for more information.
Insight
Due to insufficient validation, the 'LIBRARY' element suffers from an XPath-injection vulnerability.
An unauthenticated user is able to perform blind XPath Injection attacks e.g.
get current application configuration, enumerate nodes and extract other valuable information from vulnerable installations of Web Content Manager.
Affected
IBM WebSphere Portal 6.0.0.x through 6.0.0.1,
6.0.1.x through 6.0.1.7,
6.1.0.x through 6.1.0.6 CF27,
6.1.5.x through 6.1.5.3 CF27,
7.0.0.x through 7.0.0.2 CF26,
8.0.0.x through 8.0.0.1 CF08
Detection
Send some special crafted HTTP GET requests and check the response.
References
Severity
Classification
-
CVE CVE-2013-6735 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Apache Tomcat 'sendfile' Request Attributes Information Disclosure Vulnerability
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
- APC PowerChute Network Shutdown 'security/applet' Cross Site Scripting Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- Apache ActiveMQ Multiple Vulnerabilities