ID

VAR-200803-0187


CVE

CVE-2008-1207


TITLE

Fujitsu Interstage Smart Service disruption in the repository (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2008-002815

DESCRIPTION

Multiple unspecified vulnerabilities in Fujitsu Interstage Smart Repository, as used in multiple Fujitsu Interstage products, allow remote attackers to cause a denial of service (daemon crash) via (1) an invalid request or (2) a large amount of data sent to the registered attribute value. Fujitsu Interstage Product Fujitsu Intersatage Smart The repository contains service disruptions ( daemon crash ) There is a vulnerability that becomes a condition.Service disruption by a third party via: ( Daemon crash ) There is a possibility of being put into a state. Remote attackers can exploit these issues to deny service to legitimate users. Currently, very little is known about these issues. We will update this BID as more information emerges. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Fujitsu Interstage Smart Repository Denial of Service Vulnerabilities SECUNIA ADVISORY ID: SA29250 VERIFY ADVISORY: http://secunia.com/advisories/29250/ CRITICAL: Less critical IMPACT: DoS WHERE: >From local network SOFTWARE: Interstage Job Workload Server 8.x http://secunia.com/product/13686/ Interstage Apworks 8.x http://secunia.com/product/15987/ Interstage Apworks 7.x http://secunia.com/product/13689/ Interstage Application Server 8.x http://secunia.com/product/13685/ Interstage Application Server 7.x http://secunia.com/product/13692/ Interstage Business Application Server 8.x http://secunia.com/product/13687/ DESCRIPTION: Some vulnerabilities have been reported in various Fujitsu products, which can be exploited by malicious people to cause a DoS (Denial of Service). sending incorrect requests or sending overly large data. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Please see the vendor's advisory for patch details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200801e.html http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200802e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2008-1207 // JVNDB: JVNDB-2008-002815 // BID: 28114 // PACKETSTORM: 64315

AFFECTED PRODUCTS

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0.1

Trust: 1.9

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0

Trust: 1.9

vendor:fujitsumodel:interstage application server standard jscope:eqversion:8.0.1

Trust: 1.6

vendor:fujitsumodel:interstage application server enterprisescope:eqversion:8.0.0

Trust: 1.6

vendor:fujitsumodel:interstage application server standard jscope:eqversion:8.0.0

Trust: 1.6

vendor:fujitsumodel:interstage application server enterprisescope:eqversion:7.0.1

Trust: 1.6

vendor:fujitsumodel:interstage application server standard jscope:eqversion:8.0.2

Trust: 1.6

vendor:fujitsumodel:interstage application server enterprisescope:eqversion:8.0.2

Trust: 1.6

vendor:fujitsumodel:interstage application server enterprisescope:eqversion:8.0.1

Trust: 1.6

vendor:fujitsumodel:interstage smart repositoryscope: - version: -

Trust: 1.4

vendor:fujitsumodel:interstage apworks standard jscope:eqversion:8.0.0

Trust: 1.0

vendor:fujitsumodel:interstage smart repositoryscope:eqversion:*

Trust: 1.0

vendor:fujitsumodel:interstage business application serverscope:eqversion:8.0

Trust: 1.0

vendor:fujitsumodel:interstage apworks enterprisescope:eqversion:8.0.0

Trust: 1.0

vendor:fujitsumodel:interstage application server enterprisescope:eqversion:7.0

Trust: 1.0

vendor:fujitsumodel:interstage apworks modelers jscope:eqversion:7.0

Trust: 1.0

vendor:fujitsumodel:interstage smart repositoryscope:eqversion:0

Trust: 0.3

vendor:fujitsumodel:interstage business application server enterprisescope:eqversion:8.0.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks standard-j editionscope:eqversion:8.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j editionscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage apworks enterprise editionscope:eqversion:8.0

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0

Trust: 0.3

sources: BID: 28114 // JVNDB: JVNDB-2008-002815 // CNNVD: CNNVD-200803-092 // NVD: CVE-2008-1207

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-1207
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-1207
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200803-092
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2008-1207
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2008-002815 // CNNVD: CNNVD-200803-092 // NVD: CVE-2008-1207

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2008-002815 // NVD: CVE-2008-1207

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200803-092

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-200803-092

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002815

PATCH

title:Cross site scripting (XSS) and denial of service (DoS) vulnerabilities in Interstage HTTP Server. December 25th, 2008url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html

Trust: 0.8

sources: JVNDB: JVNDB-2008-002815

EXTERNAL IDS

db:NVDid:CVE-2008-1207

Trust: 2.7

db:BIDid:28114

Trust: 1.9

db:SECUNIAid:29250

Trust: 1.7

db:VUPENid:ADV-2008-0786

Trust: 1.6

db:JVNDBid:JVNDB-2008-002815

Trust: 0.8

db:XFid:41039

Trust: 0.6

db:XFid:41041

Trust: 0.6

db:CNNVDid:CNNVD-200803-092

Trust: 0.6

db:PACKETSTORMid:64315

Trust: 0.1

sources: BID: 28114 // JVNDB: JVNDB-2008-002815 // PACKETSTORM: 64315 // CNNVD: CNNVD-200803-092 // NVD: CVE-2008-1207

REFERENCES

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200801e.html

Trust: 2.0

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-sr-200802e.html

Trust: 2.0

url:http://www.securityfocus.com/bid/28114

Trust: 1.6

url:http://secunia.com/advisories/29250

Trust: 1.6

url:http://www.vupen.com/english/advisories/2008/0786

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41039

Trust: 1.0

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/41041

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1207

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1207

Trust: 0.8

url:http://www.frsirt.com/english/advisories/2008/0786

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/41041

Trust: 0.6

url:http://xforce.iss.net/xforce/xfdb/41039

Trust: 0.6

url:http://www.fujitsu.com/global/services/software/interstage/

Trust: 0.3

url:http://secunia.com/product/13686/

Trust: 0.1

url:http://secunia.com/product/13692/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/product/13689/

Trust: 0.1

url:http://secunia.com/product/13687/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/13685/

Trust: 0.1

url:http://secunia.com/advisories/29250/

Trust: 0.1

url:http://secunia.com/product/15987/

Trust: 0.1

sources: BID: 28114 // JVNDB: JVNDB-2008-002815 // PACKETSTORM: 64315 // CNNVD: CNNVD-200803-092 // NVD: CVE-2008-1207

CREDITS

The vendor disclosed these issues.

Trust: 0.3

sources: BID: 28114

SOURCES

db:BIDid:28114
db:JVNDBid:JVNDB-2008-002815
db:PACKETSTORMid:64315
db:CNNVDid:CNNVD-200803-092
db:NVDid:CVE-2008-1207

LAST UPDATE DATE

2024-08-14T14:53:11.865000+00:00


SOURCES UPDATE DATE

db:BIDid:28114date:2015-05-07T17:32:00
db:JVNDBid:JVNDB-2008-002815date:2012-06-26T00:00:00
db:CNNVDid:CNNVD-200803-092date:2008-09-05T00:00:00
db:NVDid:CVE-2008-1207date:2017-08-08T01:29:57.683

SOURCES RELEASE DATE

db:BIDid:28114date:2008-03-06T00:00:00
db:JVNDBid:JVNDB-2008-002815date:2012-06-26T00:00:00
db:PACKETSTORMid:64315date:2008-03-12T17:55:23
db:CNNVDid:CNNVD-200803-092date:2008-03-07T00:00:00
db:NVDid:CVE-2008-1207date:2008-03-08T00:44:00