CVE-2014-0949 : IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0

IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0 through 7.0.0.2 CF28, and 8.0 before 8.0.0.1 CF12 allows remote attackers to cause a denial of service (resource consumption and daemon crash) via a crafted web request.

Published 2014-05-22 11:14:14

Updated 2025-04-12 10:46:41

Source IBM Corporation

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2014-0949

IBM » Websphere Portal » Version: 6.1.0.0
cpe:2.3:a:ibm:websphere_portal:6.1.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.0
cpe:2.3:a:ibm:websphere_portal:7.0.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.5.0
cpe:2.3:a:ibm:websphere_portal:6.1.5.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.0
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.1
cpe:2.3:a:ibm:websphere_portal:6.1.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.2
cpe:2.3:a:ibm:websphere_portal:6.1.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.3
cpe:2.3:a:ibm:websphere_portal:6.1.0.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.1 Update Cf002
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf002:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.1
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.1 Update Cf003
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf003:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.1 Update Cf004
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf004:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.1 Update Cf005
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf005:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf012
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf012:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf013
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf013:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf014
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf014:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf015
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf015:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.1 Update Cf009
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf009:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf011
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf011:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf016
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf016:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf018
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf018:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.0 Update Cf01
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf01:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.1 Update Cf006
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf006:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.1 Update Cf007
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf007:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.1 Update Cf008
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf008:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.0 Update Cf02
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf02:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.1 Update Cf010
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf010:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf017
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf017:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf021
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf021:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf022
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf022:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.0 Update Cf001
cpe:2.3:a:ibm:websphere_portal:7.0.0.0:cf001:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.1 Update Cf019
cpe:2.3:a:ibm:websphere_portal:7.0.0.1:cf019:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf019
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf019:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf020
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf020:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.0 Update Cf05
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf05:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.0 Update Cf04
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf04:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.1 Update Cf04
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf04:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.1 Update Cf05
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf05:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.0 Update Cf03
cpe:2.3:a:ibm:websphere_portal:8.0.0.0:cf03:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.1
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.5.1
cpe:2.3:a:ibm:websphere_portal:6.1.5.1:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.4
cpe:2.3:a:ibm:websphere_portal:6.1.0.4:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.5.2
cpe:2.3:a:ibm:websphere_portal:6.1.5.2:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.5.3
cpe:2.3:a:ibm:websphere_portal:6.1.5.3:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.5
cpe:2.3:a:ibm:websphere_portal:6.1.0.5:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.6
cpe:2.3:a:ibm:websphere_portal:6.1.0.6:*:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf23
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf23:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf26
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf26:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf27
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf27:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf24
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf24:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 7.0.0.2 Update Cf25
cpe:2.3:a:ibm:websphere_portal:7.0.0.2:cf25:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.1 Update Cf07
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf07:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.1 Update Cf08
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf08:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.1 Update Cf09
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf09:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.1 Update Cf10
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf10:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 8.0.0.1 Update Cf11
cpe:2.3:a:ibm:websphere_portal:8.0.0.1:cf11:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.5.3 Update Cf27
cpe:2.3:a:ibm:websphere_portal:6.1.5.3:cf27:*:*:*:*:*:*
Matching versions
IBM » Websphere Portal » Version: 6.1.0.6 Update Cf27
cpe:2.3:a:ibm:websphere_portal:6.1.0.6:cf27:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-0949

EPSS FAQ

0.59%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 67 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-0949

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Partial

CWE ids for CVE-2014-0949

CWE-399

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-0949

http://www-01.ibm.com/support/docview.wss?uid=swg21672572

IBM Security Bulletin: Fixes available for Security Vulnerabilities in IBM WebSphere Portal (Multiple CVEs)
Patch;Vendor Advisory

CVEs referencing this url
http://www-01.ibm.com/support/docview.wss?uid=swg1PI15692

IBM notice: The page you requested cannot be displayed
https://exchange.xforce.ibmcloud.com/vulnerabilities/92622

IBM WebSphere denial of service CVE-2014-0949 Vulnerability Report

Jump to

Vulnerability Details : CVE-2014-0949

Products affected by CVE-2014-0949

Exploit prediction scoring system (EPSS) score for CVE-2014-0949

CVSS scores for CVE-2014-0949

CWE ids for CVE-2014-0949

References for CVE-2014-0949