Sign-up

ID

VAR-200710-0145


CVE

CVE-2007-5366


TITLE

plural Fujitsu Interstage Vulnerabilities in which important information is obtained in products

Trust: 0.8

sources: JVNDB: JVNDB-2007-002758

DESCRIPTION

The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. Interstage Application Server is prone to a path-disclosure vulnerability. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer. ---------------------------------------------------------------------- Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure. The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications. Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/ ---------------------------------------------------------------------- TITLE: Interstage Application Server Full Path Disclosure Weakness SECUNIA ADVISORY ID: SA27136 VERIFY ADVISORY: http://secunia.com/advisories/27136/ CRITICAL: Not critical IMPACT: Exposure of system information WHERE: >From remote SOFTWARE: Interstage Application Server 7.x http://secunia.com/product/13692/ Interstage Application Server 8.x http://secunia.com/product/13685/ Interstage Application Server 9.x http://secunia.com/product/15986/ Interstage Apworks 7.x http://secunia.com/product/13689/ Interstage Apworks 8.x http://secunia.com/product/15987/ Interstage Studio 8.x http://secunia.com/product/13690/ Interstage Studio 9.x http://secunia.com/product/15610/ DESCRIPTION: A weakness has been reported in Interstage Application Server, which can be exploited by malicious people to disclose system information. The weakness is caused due to the full web server path being disclosed in error messages when performing certain unspecified actions on the web server. Please see the vendor advisory for a list of affected products. SOLUTION: The vendor will reportedly address this issue in future versions. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2007-5366 // JVNDB: JVNDB-2007-002758 // BID: 25988 // PACKETSTORM: 59982

AFFECTED PRODUCTS

vendor:fujitsumodel:interstage studioscope:eqversion:8.01

Trust: 1.6

vendor:fujitsumodel:interstage studioscope:eqversion:9.0

Trust: 1.6

vendor:fujitsumodel:interstage apworksscope:eqversion:8.0

Trust: 1.6

vendor:fujitsumodel:interstage apworksscope:eqversion:7.0

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope:eqversion:9.0a

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope:eqversion:9.0

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope:eqversion:7.0.1

Trust: 1.0

vendor:fujitsumodel:interstage application serverscope:eqversion:8.0.3

Trust: 1.0

vendor:fujitsumodel:interstage application serverscope:eqversion:7.0

Trust: 1.0

vendor:fujitsumodel:interstage application serverscope:eqversion:8.0.1

Trust: 1.0

vendor:fujitsumodel:interstage application serverscope:eqversion:8.0.0

Trust: 1.0

vendor:fujitsumodel:interstage application serverscope:eqversion:8.0.2

Trust: 1.0

vendor:fujitsumodel:interstage application serverscope:eqversion:7.0 to 9.0.0

Trust: 0.8

vendor:fujitsumodel:interstage apworksscope:eqversion:7.0 to 9.0.0

Trust: 0.8

vendor:fujitsumodel:interstage studioscope:eqversion:7.0 to 9.0.0

Trust: 0.8

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage apworks standard-j editionscope:eqversion:8.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j editionscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks enterprise editionscope:eqversion:8.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j edition ascope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.3

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition ascope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.3

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0

Trust: 0.3

sources: BID: 25988 // JVNDB: JVNDB-2007-002758 // CNNVD: CNNVD-200710-199 // NVD: CVE-2007-5366

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2007-5366
value: MEDIUM

Trust: 1.0

NVD: CVE-2007-5366
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200710-199
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2007-5366
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2007-002758 // CNNVD: CNNVD-200710-199 // NVD: CVE-2007-5366

PROBLEMTYPE DATA

problemtype:CWE-22

Trust: 1.8

sources: JVNDB: JVNDB-2007-002758 // NVD: CVE-2007-5366

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200710-199

TYPE

path traversal

Trust: 0.6

sources: CNNVD: CNNVD-200710-199

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2007-002758

PATCH
title:Web Root Path Disclosure Vulnerability in Interstage Application Server. October 9th, 2007url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2007-002758

EXTERNAL IDS
db:NVDid:CVE-2007-5366
Trust: 2.7
db:BIDid:25988
Trust: 1.9
db:SECUNIAid:27136
Trust: 1.7
db:OSVDBid:41318
Trust: 1.6
db:JVNDBid:JVNDB-2007-002758
Trust: 0.8
db:XFid:37026
Trust: 0.6
db:CNNVDid:CNNVD-200710-199
Trust: 0.6
db:PACKETSTORMid:59982
Trust: 0.1
sources:
            
            
            BID: 25988 // 
            
            
            
            JVNDB: JVNDB-2007-002758 // 
            
            
            
            PACKETSTORM: 59982 // 
            
            
            
            CNNVD: CNNVD-200710-199 // 
            
            
            
            NVD: CVE-2007-5366

REFERENCES
url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html
Trust: 2.0
url:http://www.securityfocus.com/bid/25988
Trust: 1.6
url:http://secunia.com/advisories/27136
Trust: 1.6
url:http://osvdb.org/41318
Trust: 1.6
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/37026
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5366
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5366
Trust: 0.8
url:http://xforce.iss.net/xforce/xfdb/37026
Trust: 0.6
url:http://www.fujitsu.com/global/services/software/interstage/
Trust: 0.3
url:http://secunia.com/advisories/27136/
Trust: 0.1
url:http://secunia.com/product/15986/
Trust: 0.1
url:http://secunia.com/product/13692/
Trust: 0.1
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/network_software_inspector/
Trust: 0.1
url:http://secunia.com/product/13689/
Trust: 0.1
url:http://secunia.com/product/15610/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/product/13690/
Trust: 0.1
url:http://secunia.com/product/13685/
Trust: 0.1
url:http://secunia.com/product/15987/
Trust: 0.1
sources:
            
            
            BID: 25988 // 
            
            
            
            JVNDB: JVNDB-2007-002758 // 
            
            
            
            PACKETSTORM: 59982 // 
            
            
            
            CNNVD: CNNVD-200710-199 // 
            
            
            
            NVD: CVE-2007-5366

CREDITS
The vendor disclosed this issue.
Trust: 0.9
sources:
            
            
            BID: 25988 // 
            
            
            
            CNNVD: CNNVD-200710-199

SOURCES
db:BIDid:25988
db:JVNDBid:JVNDB-2007-002758
db:PACKETSTORMid:59982
db:CNNVDid:CNNVD-200710-199
db:NVDid:CVE-2007-5366

LAST UPDATE DATE
2024-08-14T15:40:34.213000+00:00

SOURCES UPDATE DATE
db:BIDid:25988date:2015-05-07T17:35:00
db:JVNDBid:JVNDB-2007-002758date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200710-199date:2007-10-15T00:00:00
db:NVDid:CVE-2007-5366date:2017-07-29T01:33:37.803

SOURCES RELEASE DATE
db:BIDid:25988date:2007-10-09T00:00:00
db:JVNDBid:JVNDB-2007-002758date:2012-06-26T00:00:00
db:PACKETSTORMid:59982date:2007-10-11T02:52:18
db:CNNVDid:CNNVD-200710-199date:2007-10-11T00:00:00
db:NVDid:CVE-2007-5366date:2007-10-11T10:17:00