CVE-2014-0954 Information

Description

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 does not validate JSP includes, which allows remote attackers to obtain sensitive information, bypass intended request-dispatcher access restrictions, or cause a denial of service (memory consumption) via a crafted URL.

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg1PI15723
http://www-01.ibm.com/support/docview.wss?uid=swg21672572
https://exchange.xforce.ibmcloud.com/vulnerabilities/92627
