CVE-2013-6735 Information

Description

IBM WebSphere Portal 6.0.0.x through 6.0.0.1 6.0.1.x through 6.0.1.7 6.1.0.x through 6.1.0.6 CF27 6.1.5.x through 6.1.5.3 CF27 7.0.0.x through 7.0.0.2 CF26 and 8.0.0.x through 8.0.0.1 CF08 allows remote attackers to obtain sensitive Java Content Repository (JCR) information via a modified Web Content Manager (WCM) URL.

Reference

http://osvdb.org/101255 http://packetstormsecurity.com/files/124611/IBM-Web-Content-Manager-XPath-Injection.html http://secunia.com/advisories/56161 http://www.securityfocus.com/archive/1/530552/100/0/threaded http://www.securityfocus.com/bid/64496 http://www.securitytracker.com/id/1029539 http://www-01.ibm.com/support/docview.wss?uid=swg1PI07777 http://www-01.ibm.com/support/docview.wss?uid=swg21660289 https://exchange.xforce.ibmcloud.com/vulnerabilities/89591 https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_fix_available_for_unauthorized_information_retrieval_security_vulnerability_in_ibm_websphere_portal_cve_2013_6735