ID

VAR-200909-0087


CVE

CVE-2008-7195


TITLE

Fujitsu Interstage HTTP Server Denial-of-Service (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-003155

DESCRIPTION

Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used in Interstage Application Server Enterprise Edition 7.0.1 for Solaris, allows attackers to cause a denial of service via unknown vectors related to SSL. Remote attackers can exploit these issues to deny service to legitimate users. Currently, very little is known about these issues. We will update this BID as more information emerges.

1) Some errors within the HTTP Server can be exploited to cause a DoS or to conduct cross-site scripting attacks. For more information: SA26273, SA26636

2) An unspecified error when receiving certain requests can be exploited to cause a DoS. This affects Windows systems with the following urgent corrections applied.
* TP08940
* TP38940

3) An unspecified error when using SSL can be exploited to cause a DoS. This affects Solaris systems with the following urgent corrections applied.
* T023AS-03

Please see the vendor advisory for a list of affected products.

SOLUTION: The vendor has released patches for certain versions. Please see vendor advisory for a patch matrix.

PROVIDED AND/OR DISCOVERED BY: 2, 3) Reported by the vendor.

ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html

OTHER REFERENCES:
SA26273: http://secunia.com/advisories/26273/
SA26636: http://secunia.com/advisories/26636/

Trust: 2.07

sources: NVD: CVE-2008-7195 // JVNDB: JVNDB-2009-003155 // BID: 27391 // VULMON: CVE-2008-7195 // PACKETSTORM: 62900

AFFECTED PRODUCTS

vendor: fujitsu, model: interstage application server, scope: eq, version: 7.0.1

Trust: 2.4

vendor: fujitsu, model: interstage application server, scope: eq, version: 8.0.0

Trust: 1.6

vendor: fujitsu, model: interstage application server, scope: eq, version: 5.0

Trust: 1.6

vendor: fujitsu, model: interstage application server, scope: eq, version: 7.0

Trust: 1.6

vendor: fujitsu, model: interstage apworks modelers-j edition, scope: eq, version: 7.0

Trust: 0.3

vendor: fujitsu, model: interstage application server web-j edition, scope: eq, version: 5.0

Trust: 0.3

vendor: fujitsu, model: interstage application server standard edition, scope: eq, version: 5.0

Trust: 0.3

vendor: fujitsu, model: interstage application server plus developer, scope: eq, version: 7.0

Trust: 0.3

vendor: fujitsu, model: interstage application server plus, scope: eq, version: 7.0.1

Trust: 0.3

vendor: fujitsu, model: interstage application server plus, scope: eq, version: 7.0

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 8.0

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 7.0.1

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 7.0

Trust: 0.3

vendor: fujitsu, model: interstage application server enterprise edition, scope: eq, version: 5.0

Trust: 0.3

sources: BID: 27391 // JVNDB: JVNDB-2009-003155 // CNNVD: CNNVD-200909-168 // NVD: CVE-2008-7195

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-7195
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-7195
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200909-168
value: MEDIUM

Trust: 0.6

VULMON: CVE-2008-7195
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2008-7195
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2008-7195 // JVNDB: JVNDB-2009-003155 // CNNVD: CNNVD-200909-168 // NVD: CVE-2008-7195

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2008-7195

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200909-168

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-200909-168

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003155

PATCH

title: Cross site scripting (XSS) and denial of service (DoS) vulnerabilities in Interstage HTTP Server. December 25th, 2008
url: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html

Trust: 0.8

sources: JVNDB: JVNDB-2009-003155

EXTERNAL IDS

db: NVD, id: CVE-2008-7195

Trust: 2.8

db: BID, id: 27391

Trust: 2.0

db: SECUNIA, id: 28606

Trust: 1.8

db: VUPEN, id: ADV-2008-0233

Trust: 1.6

db: JVNDB, id: JVNDB-2009-003155

Trust: 0.8

db: XF, id: 39848

Trust: 0.6

db: CNNVD, id: CNNVD-200909-168

Trust: 0.6

db: VUPEN, id: 2008/0233

Trust: 0.1

db: VULMON, id: CVE-2008-7195

Trust: 0.1

db: PACKETSTORM, id: 62900

Trust: 0.1

sources: VULMON: CVE-2008-7195 // BID: 27391 // JVNDB: JVNDB-2009-003155 // PACKETSTORM: 62900 // CNNVD: CNNVD-200909-168 // NVD: CVE-2008-7195

REFERENCES

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-200802e.html

Trust: 2.1

url:http://www.securityfocus.com/bid/27391

Trust: 1.8

url:http://secunia.com/advisories/28606

Trust: 1.7

url:http://www.vupen.com/english/advisories/2008/0233

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/39848

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-7195

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-7195

Trust: 0.8

url:http://xforce.iss.net/xforce/xfdb/39848

Trust: 0.6

url:http://www.fujitsu.com/global/services/software/interstage/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:http://secunia.com/advisories/26273/

Trust: 0.1

url:http://secunia.com/product/13689/

Trust: 0.1

url:http://secunia.com/product/13693/

Trust: 0.1

url:http://secunia.com/product/13692/

Trust: 0.1

url:http://secunia.com/product/15986/

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:http://secunia.com/product/15610/

Trust: 0.1

url:http://secunia.com/product/13687/

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

url:http://secunia.com/product/15987/

Trust: 0.1

url:http://secunia.com/advisories/28606/

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://secunia.com/product/13688/

Trust: 0.1

url:http://secunia.com/advisories/26636/

Trust: 0.1

url:http://secunia.com/product/13685/

Trust: 0.1

url:http://secunia.com/product/13686/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/13694/

Trust: 0.1

url:http://secunia.com/product/13690/

Trust: 0.1

sources: VULMON: CVE-2008-7195 // BID: 27391 // JVNDB: JVNDB-2009-003155 // PACKETSTORM: 62900 // CNNVD: CNNVD-200909-168 // NVD: CVE-2008-7195

CREDITS

The vendor disclosed these issues.

Trust: 0.9

sources: BID: 27391 // CNNVD: CNNVD-200909-168

SOURCES

db: VULMON, id: CVE-2008-7195
db: BID, id: 27391
db: JVNDB, id: JVNDB-2009-003155
db: PACKETSTORM, id: 62900
db: CNNVD, id: CNNVD-200909-168
db: NVD, id: CVE-2008-7195

LAST UPDATE DATE

2024-11-23T20:36:35.679000+00:00


SOURCES UPDATE DATE

db: VULMON, id: CVE-2008-7195, date: 2017-08-17T00:00:00
db: BID, id: 27391, date: 2016-07-05T22:00:00
db: JVNDB, id: JVNDB-2009-003155, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200909-168, date: 2009-09-17T00:00:00
db: NVD, id: CVE-2008-7195, date: 2024-11-21T00:58:30.427

SOURCES RELEASE DATE

db: VULMON, id: CVE-2008-7195, date: 2009-09-10T00:00:00
db: BID, id: 27391, date: 2008-01-22T00:00:00
db: JVNDB, id: JVNDB-2009-003155, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 62900, date: 2008-01-24T03:55:21
db: CNNVD, id: CNNVD-200909-168, date: 2009-09-10T00:00:00
db: NVD, id: CVE-2008-7195, date: 2009-09-10T10:30:00.983