ID

VAR-200909-0086


CVE

CVE-2008-7194


TITLE

Fujitsu Interstage HTTP Server Denial-of-Service (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-003154

DESCRIPTION

Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server 5.0, 7.0, 7.0.1, and 8.0.0 for Windows, allows attackers to cause a denial of service via a crafted request. Remote attackers can exploit these issues to deny service to legitimate users. Currently, very little is known about these issues. We will update this BID as more information emerges.

1) Some errors within the HTTP Server can be exploited to cause a DoS or to conduct cross-site scripting attacks. For more information: SA26273, SA26636

2) An unspecified error when receiving certain requests can be exploited to cause a DoS. This affects Windows systems with the following urgent corrections applied.
* TP08940
* TP38940

3) An unspecified error when using SSL can be exploited to cause a DoS. This affects Solaris systems with the following urgent corrections applied.
* T023AS-03

Please see the vendor advisory for a list of affected products.

SOLUTION: The vendor has released patches for certain versions. Please see vendor advisory for a patch matrix.

PROVIDED AND/OR DISCOVERED BY: 2, 3) Reported by the vendor.

ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html

OTHER REFERENCES:
SA26273: http://secunia.com/advisories/26273/
SA26636: http://secunia.com/advisories/26636/

Trust: 1.98

sources: NVD: CVE-2008-7194 // JVNDB: JVNDB-2009-003154 // BID: 27391 // PACKETSTORM: 62900

AFFECTED PRODUCTS

vendor: fujitsu, model: interstage application server, scope: eq, version: 5.0

Trust: 2.4

vendor: fujitsu, model: interstage application server, scope: eq, version: 7.0

Trust: 2.4

vendor: fujitsu, model: interstage application server, scope: eq, version: 7.0.1

Trust: 1.8

vendor: fujitsu, model: interstage application server, scope: eq, version: 8.0.0

Trust: 1.6

vendor: fujitsu, model: interstage application server, scope: eq, version: and 8.0.0

Trust: 0.8

vendor: fujitsu, model: interstage apworks modelers-j edition, scope: eq, version: 7.0

Trust: 0.3

vendor: fujitsu, model: interstage application server web-j edition, scope: eq, version: 5.0

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition, scope: eq, version: 5.0

Trust: 0.3

vendor: fujitsu, model: interstage application server plus developer, scope: eq, version: 7.0

Trust: 0.3

vendor: fujitsu, model: interstage application server plus, scope: eq, version: 7.0.1

Trust: 0.3

vendor: fujitsu, model: interstage application server plus, scope: eq, version: 7.0

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 8.0

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 7.0.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 7.0

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 5.0

Trust: 0.3

sources: BID: 27391 // JVNDB: JVNDB-2009-003154 // CNNVD: CNNVD-200909-167 // NVD: CVE-2008-7194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-7194
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-7194
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200909-167
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2008-7194
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2009-003154 // CNNVD: CNNVD-200909-167 // NVD: CVE-2008-7194

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2008-7194

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200909-167

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200909-167

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003154

PATCH

title: Cross site scripting (XSS) and denial of service (DoS) vulnerabilities in Interstage HTTP Server. December 25th, 2008
url: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html

Trust: 0.8

sources: JVNDB: JVNDB-2009-003154

EXTERNAL IDS

db: NVD, id: CVE-2008-7194

Trust: 2.7

db: BID, id: 27391

Trust: 1.9

db: SECUNIA, id: 28606

Trust: 1.7

db: VUPEN, id: ADV-2008-0233

Trust: 1.6

db: JVNDB, id: JVNDB-2009-003154

Trust: 0.8

db: XF, id: 39847

Trust: 0.6

db: CNNVD, id: CNNVD-200909-167

Trust: 0.6

db: PACKETSTORM, id: 62900

Trust: 0.1

sources: BID: 27391 // JVNDB: JVNDB-2009-003154 // PACKETSTORM: 62900 // CNNVD: CNNVD-200909-167 // NVD: CVE-2008-7194

REFERENCES

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html

Trust: 2.0

url:http://www.vupen.com/english/advisories/2008/0233

Trust: 1.6

url:http://www.securityfocus.com/bid/27391

Trust: 1.6

url:http://secunia.com/advisories/28606

Trust: 1.6

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/39847

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7194

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-7194

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/39847

Trust: 0.6

url:http://www.fujitsu.com/global/services/software/interstage/

Trust: 0.3

url:http://secunia.com/advisories/26273/

Trust: 0.1

url:http://secunia.com/product/13689/

Trust: 0.1

url:http://secunia.com/product/13693/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/product/13692/

Trust: 0.1

url:http://secunia.com/product/15986/

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:http://secunia.com/product/15610/

Trust: 0.1

url:http://secunia.com/product/13687/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/15987/

Trust: 0.1

url:http://secunia.com/advisories/28606/

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/product/13688/

Trust: 0.1

url:http://secunia.com/advisories/26636/

Trust: 0.1

url:http://secunia.com/product/13685/

Trust: 0.1

url:http://secunia.com/product/13686/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/13694/

Trust: 0.1

url:http://secunia.com/product/13690/

Trust: 0.1

sources: BID: 27391 // JVNDB: JVNDB-2009-003154 // PACKETSTORM: 62900 // CNNVD: CNNVD-200909-167 // NVD: CVE-2008-7194

CREDITS

The vendor disclosed these issues.

Trust: 0.9

sources: BID: 27391 // CNNVD: CNNVD-200909-167

SOURCES

db: BID, id: 27391
db: JVNDB, id: JVNDB-2009-003154
db: PACKETSTORM, id: 62900
db: CNNVD, id: CNNVD-200909-167
db: NVD, id: CVE-2008-7194

LAST UPDATE DATE

2024-11-23T20:28:23.087000+00:00


SOURCES UPDATE DATE

db: BID, id: 27391, date: 2016-07-05T22:00:00
db: JVNDB, id: JVNDB-2009-003154, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200909-167, date: 2009-09-10T00:00:00
db: NVD, id: CVE-2008-7194, date: 2024-11-21T00:58:30.277

SOURCES RELEASE DATE

db: BID, id: 27391, date: 2008-01-22T00:00:00
db: JVNDB, id: JVNDB-2009-003154, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 62900, date: 2008-01-24T03:55:21
db: CNNVD, id: CNNVD-200909-167, date: 2009-09-10T00:00:00
db: NVD, id: CVE-2008-7194, date: 2009-09-10T10:30:00.953