ID

VAR-200912-0451


TITLE

Fujitsu Interstage and Systemwalker SSL Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2009-002358

DESCRIPTION

Fujitsu Interstage and Systemwalker related products have the vulnerabilities listed below: - A buffer overflow vulnerability that can occur when the SSL server verifies the client's certificate. - A vulnerability that makes it possible to make an SSL connection using a server or client certificate issued by the old CA certificate after the CA certificate is renewed, regardless of the settings of the certificate environment variables. - A vulnerability where the depletion of resources, such as file descriptors, can occur on the SSL server.A remote attacker can cause a denial of service (DoS) condition or make an SSL connection using a fake certificate. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. For more information visit: http://secunia.com/advisories/business_solutions/ Alternatively request a call from a Secunia representative today to discuss how we can help you with our capabilities contact us at: sales@secunia.com ---------------------------------------------------------------------- TITLE: Fujitsu Products SSL Implementation Multiple Vulnerabilities SECUNIA ADVISORY ID: SA37989 VERIFY ADVISORY: http://secunia.com/advisories/37989/ DESCRIPTION: Some vulnerabilities have been reported in multiple Fujitsu products, which can be exploited by malicious people to bypass certain security restrictions or cause a DoS (Denial of Service). 3) An error in the implementation of the SSL server can be exploited to exhaust e.g. available file descriptors. Please see the vendor's advisory for a full list of affected products. SOLUTION: Apply patches. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: Fujitsu: http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_systemwalker_ssl_200901.html OTHER REFERENCES: JVN: http://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002358.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 0.81

sources: JVNDB: JVNDB-2009-002358 // PACKETSTORM: 84267

AFFECTED PRODUCTS

vendor:fujitsumodel:infodirectoryscope: - version: -

Trust: 0.8

vendor:fujitsumodel:infoprovider proscope: - version: -

Trust: 0.8

vendor:fujitsumodel:infoproxyscope: - version: -

Trust: 0.8

vendor:fujitsumodel:infoproxy for middlewarescope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstagescope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage apcoordinatorscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage application framework suitescope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage apworksscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage business application managerscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage form coordinator syomei optionscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage security directorscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage traffic directorscope: - version: -

Trust: 0.8

vendor:fujitsumodel:linkexpressscope: - version: -

Trust: 0.8

vendor:fujitsumodel:safeauthorscope: - version: -

Trust: 0.8

vendor:fujitsumodel:safegatescope: - version: -

Trust: 0.8

vendor:fujitsumodel:safegate clientscope: - version: -

Trust: 0.8

vendor:fujitsumodel:safegate syutyu kanriscope: - version: -

Trust: 0.8

vendor:fujitsumodel:symfoware universal data interchangerscope: - version: -

Trust: 0.8

vendor:fujitsumodel:systemwalker centric managerscope: - version: -

Trust: 0.8

vendor:fujitsumodel:systemwalker centricmgr-ascope: - version: -

Trust: 0.8

vendor:fujitsumodel:systemwalker desktop inspectionscope: - version: -

Trust: 0.8

vendor:fujitsumodel:systemwalker desktop patrolscope: - version: -

Trust: 0.8

vendor:fujitsumodel:systemwalker formcoordinator syomei optionscope: - version: -

Trust: 0.8

vendor:fujitsumodel:systemwalker it budget managerscope: - version: -

Trust: 0.8

vendor:fujitsumodel:systemwalker it budgetmgrscope: - version: -

Trust: 0.8

vendor:fujitsumodel:systemwalker software deliveryscope: - version: -

Trust: 0.8

vendor:fujitsumodel:systemwalker/infodirectoryscope: - version: -

Trust: 0.8

vendor:fujitsumodel:trademasterscope: - version: -

Trust: 0.8

vendor:fujitsumodel:trmasterscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2009-002358

CVSS

SEVERITY

CVSSV2

CVSSV3

IPA: JVNDB-2009-002358
value: MEDIUM

Trust: 0.8

IPA: JVNDB-2009-002358
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2009-002358

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 0.8

problemtype:CWE-399

Trust: 0.8

problemtype:CWE-287

Trust: 0.8

sources: JVNDB: JVNDB-2009-002358

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-002358

PATCH

title:interstage_systemwalker_ssl_200901url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_systemwalker_ssl_200901.html

Trust: 0.8

sources: JVNDB: JVNDB-2009-002358

EXTERNAL IDS

db:JVNDBid:JVNDB-2009-002358

Trust: 0.9

db:SECUNIAid:37989

Trust: 0.2

db:PACKETSTORMid:84267

Trust: 0.1

sources: JVNDB: JVNDB-2009-002358 // PACKETSTORM: 84267

REFERENCES

url:http://secunia.com/advisories/37989/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://jvndb.jvn.jp/en/contents/2009/jvndb-2009-002358.html

Trust: 0.1

url:http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_systemwalker_ssl_200901.html

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: PACKETSTORM: 84267

CREDITS

Secunia

Trust: 0.1

sources: PACKETSTORM: 84267

SOURCES

db:JVNDBid:JVNDB-2009-002358
db:PACKETSTORMid:84267

LAST UPDATE DATE

2022-05-17T22:49:29.265000+00:00


SOURCES UPDATE DATE

db:JVNDBid:JVNDB-2009-002358date:2009-12-28T00:00:00

SOURCES RELEASE DATE

db:JVNDBid:JVNDB-2009-002358date:2009-12-28T00:00:00
db:PACKETSTORMid:84267date:2009-12-29T10:25:23