CVE-2014-4821

Name of the Vulnerable Software and Affected Versions IBM WebSphere Portal versions 6.1.0 through 6.1.0.6 CF27 IBM WebSphere Portal versions 6.1.5 through 6.1.5.3 CF27 IBM WebSphere Portal versions 7.0 through 7.0.0.2 CF28 IBM WebSphere Portal versions 8.0 through 8.0.0.1 CF14 IBM WebSphere Portal version 8.5.0 before CF03

Description The issue allows remote attackers to determine the validity of filenames via a series of requests, as different web-server error codes are provided depending on whether a requested file exists.

Recommendations For versions 6.1.0 through 6.1.0.6 CF27, update to a version after CF27 to resolve the issue. For versions 6.1.5 through 6.1.5.3 CF27, update to a version after CF27 to resolve the issue. For versions 7.0 through 7.0.0.2 CF28, update to a version after CF28 to resolve the issue. For versions 8.0 through 8.0.0.1 CF14, update to a version after CF14 to resolve the issue. For version 8.5.0 before CF03, update to CF03 or later to resolve the issue.