Details of VAR-200909-0086

ID

VAR-200909-0086

CVE

CVE-2008-7194

TITLE

Fujitsu Interstage HTTP Server Service disruption in (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-003154

DESCRIPTION

Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server 5.0, 7.0, 7.0.1, and 8.0.0 for Windows, allows attackers to cause a denial of service via a crafted request. Remote attackers can exploit these issues to deny service to legitimate users. Currently, very little is known about these issues. We will update this BID as more information emerges. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. 1) Some errors within the HTTP Server can be exploited to cause a DoS or to conduct cross-site scripting attacks. For more information: SA26273 SA26636 2) An unspecified error when receiving certain requests can be exploited to cause a DoS. This affects Windows systems with the following urgent corrections applied. * TP08940 * TP38940 3) An unspecified error when using SSL can be exploited to cause a DoS. This affects Solaris systems with the following urgent corrections applied. * T023AS-03 Please see the vendor advisory for a list of affected products. SOLUTION: The vendor has released patches for certain versions. Please see vendor advisory for a patch matrix. PROVIDED AND/OR DISCOVERED BY: 2, 3) Reported by the vendor. ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html OTHER REFERENCES: SA26273: http://secunia.com/advisories/26273/ SA26636: http://secunia.com/advisories/26636/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.98

sources: NVD: CVE-2008-7194 // JVNDB: JVNDB-2009-003154 // BID: 27391 // PACKETSTORM: 62900

AFFECTED PRODUCTS

vendor:	fujitsu	model:	interstage application server	scope:	eq	version:	5.0	Trust: 2.4
vendor:	fujitsu	model:	interstage application server	scope:	eq	version:	7.0	Trust: 2.4
vendor:	fujitsu	model:	interstage application server	scope:	eq	version:	7.0.1	Trust: 1.8
vendor:	fujitsu	model:	interstage application server	scope:	eq	version:	8.0.0	Trust: 1.6
vendor:	fujitsu	model:	interstage application server	scope:	eq	version:	and 8.0.0	Trust: 0.8
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server web-j edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server standard edition	scope:	eq	version:	5.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0	Trust: 0.3
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	5.0	Trust: 0.3

sources: BID: 27391 // JVNDB: JVNDB-2009-003154 // CNNVD: CNNVD-200909-167 // NVD: CVE-2008-7194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-7194
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2008-7194
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-200909-167
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2008-7194
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2009-003154 // CNNVD: CNNVD-200909-167 // NVD: CVE-2008-7194

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2008-7194

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200909-167

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200909-167

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003154

PATCH

title:

Cross site scripting (XSS) and denial of service (DoS) vulnerabilities in Interstage HTTP Server. December 25th, 2008

url:

http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html

Trust: 0.8

sources: JVNDB: JVNDB-2009-003154

EXTERNAL IDS

db:	NVD	id:	CVE-2008-7194	Trust: 2.7
db:	BID	id:	27391	Trust: 1.9
db:	SECUNIA	id:	28606	Trust: 1.7
db:	VUPEN	id:	ADV-2008-0233	Trust: 1.6
db:	JVNDB	id:	JVNDB-2009-003154	Trust: 0.8
db:	XF	id:	39847	Trust: 0.6
db:	CNNVD	id:	CNNVD-200909-167	Trust: 0.6
db:	PACKETSTORM	id:	62900	Trust: 0.1

sources: BID: 27391 // JVNDB: JVNDB-2009-003154 // PACKETSTORM: 62900 // CNNVD: CNNVD-200909-167 // NVD: CVE-2008-7194

REFERENCES

url:	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html	Trust: 2.0
url:	http://www.vupen.com/english/advisories/2008/0233	Trust: 1.6
url:	http://www.securityfocus.com/bid/27391	Trust: 1.6
url:	http://secunia.com/advisories/28606	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/39847	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7194	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-7194	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/39847	Trust: 0.6
url:	http://www.fujitsu.com/global/services/software/interstage/	Trust: 0.3
url:	http://secunia.com/advisories/26273/	Trust: 0.1
url:	http://secunia.com/product/13689/	Trust: 0.1
url:	http://secunia.com/product/13693/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/13692/	Trust: 0.1
url:	http://secunia.com/product/15986/	Trust: 0.1
url:	https://psi.secunia.com/?page=changelog	Trust: 0.1
url:	http://secunia.com/product/15610/	Trust: 0.1
url:	http://secunia.com/product/13687/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1
url:	http://secunia.com/product/15987/	Trust: 0.1
url:	http://secunia.com/advisories/28606/	Trust: 0.1
url:	https://psi.secunia.com/	Trust: 0.1
url:	http://secunia.com/product/13688/	Trust: 0.1
url:	http://secunia.com/advisories/26636/	Trust: 0.1
url:	http://secunia.com/product/13685/	Trust: 0.1
url:	http://secunia.com/product/13686/	Trust: 0.1
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/13694/	Trust: 0.1
url:	http://secunia.com/product/13690/	Trust: 0.1

sources: BID: 27391 // JVNDB: JVNDB-2009-003154 // PACKETSTORM: 62900 // CNNVD: CNNVD-200909-167 // NVD: CVE-2008-7194

CREDITS

The vendor disclosed these issues.

Trust: 0.9

sources: BID: 27391 // CNNVD: CNNVD-200909-167

SOURCES

db:	BID	id:	27391
db:	JVNDB	id:	JVNDB-2009-003154
db:	PACKETSTORM	id:	62900
db:	CNNVD	id:	CNNVD-200909-167
db:	NVD	id:	CVE-2008-7194

LAST UPDATE DATE

2024-08-14T13:12:04.301000+00:00

SOURCES UPDATE DATE

db:	BID	id:	27391	date:	2016-07-05T22:00:00
db:	JVNDB	id:	JVNDB-2009-003154	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200909-167	date:	2009-09-10T00:00:00
db:	NVD	id:	CVE-2008-7194	date:	2017-08-17T01:29:52.817

SOURCES RELEASE DATE

db:	BID	id:	27391	date:	2008-01-22T00:00:00
db:	JVNDB	id:	JVNDB-2009-003154	date:	2012-06-26T00:00:00
db:	PACKETSTORM	id:	62900	date:	2008-01-24T03:55:21
db:	CNNVD	id:	CNNVD-200909-167	date:	2009-09-10T00:00:00
db:	NVD	id:	CVE-2008-7194	date:	2009-09-10T10:30:00.953