ID

VAR-201011-0281


TITLE

Multiple Fujitsu Interstage Product Information Disclosure Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2010-2819

DESCRIPTION

Multiple Fujitsu Interstage products have security vulnerabilities that allow malicious users to obtain sensitive information. A vulnerability exists in the Interstage server that is configured and running a J2EE application, allowing an attacker to gain unauthorized access to files and directories. This issue can be exploited to gain access to arbitrary files and directories and to obtain sensitive information. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fujitsu Interstage Products Information Disclosure Vulnerability SECUNIA ADVISORY ID: SA42222 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42222/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42222 RELEASE DATE: 2010-11-16 DISCUSS ADVISORY: http://secunia.com/advisories/42222/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42222/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42222 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in multiple Fujitsu Interstage products, which can be exploited by malicious people to disclose potentially sensitive information. No further information is currently available. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-201005e.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.08

sources: CNVD: CNVD-2010-2819 // BID: 44848 // IVD: a6a8ae0c-1fa8-11e6-abef-000c29c66e3d // PACKETSTORM: 95864

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: a6a8ae0c-1fa8-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-2819

AFFECTED PRODUCTS

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:8.0.1

Trust: 0.9

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.0

Trust: 0.9

vendor:fujitsumodel:interstage job workload serverscope:eqversion:8.1

Trust: 0.9

vendor:fujitsumodel:interstage business application server enterprise editionscope:eqversion:8.0

Trust: 0.9

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0

Trust: 0.9

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.2

Trust: 0.9

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0

Trust: 0.9

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0.1

Trust: 0.9

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0

Trust: 0.9

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0

Trust: 0.9

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0.1

Trust: 0.9

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0

Trust: 0.9

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.1

Trust: 0.9

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.2

Trust: 0.9

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0

Trust: 0.9

vendor:fujitsumodel:interstage application server enterprise edition ascope:eqversion:9.0

Trust: 0.9

vendor:fujitsumodel:interstage studio stadard-j editionscope:eqversion:8.0.1

Trust: 0.6

vendor:fujitsumodel:interstage studio stadard-j editionscope:eqversion:9.0

Trust: 0.6

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:8.0.1

Trust: 0.3

vendor:fujitsumodel:interstage apworks modelers-j editionscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage application server plus developerscope:eqversion:7.0

Trust: 0.3

vendor:fujitsumodel:interstage studio stadard-j editionscope:eqversion:8.0.1*

Trust: 0.2

vendor:fujitsumodel:interstage studio stadard-j editionscope:eqversion:9.0*

Trust: 0.2

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:8.0.1*

Trust: 0.2

vendor:fujitsumodel:interstage studio enterprise editionscope:eqversion:9.0*

Trust: 0.2

vendor:fujitsumodel:interstage job workload serverscope:eqversion:8.1*

Trust: 0.2

vendor:fujitsumodel:interstage business application server enterprise editionscope:eqversion:8.0*

Trust: 0.2

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0*

Trust: 0.2

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:8.0.2*

Trust: 0.2

vendor:fujitsumodel:interstage application server standard-j editionscope:eqversion:9.0*

Trust: 0.2

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0.1*

Trust: 0.2

vendor:fujitsumodel:interstage application server plusscope:eqversion:7.0*

Trust: 0.2

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0*

Trust: 0.2

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:7.0.1*

Trust: 0.2

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0*

Trust: 0.2

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.1*

Trust: 0.2

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:8.0.2*

Trust: 0.2

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0*

Trust: 0.2

vendor:fujitsumodel:interstage application server enterprise edition ascope:eqversion:9.0*

Trust: 0.2

sources: IVD: a6a8ae0c-1fa8-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-2819 // BID: 44848

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD: a6a8ae0c-1fa8-11e6-abef-000c29c66e3d
value: MEDIUM

Trust: 0.2

IVD: a6a8ae0c-1fa8-11e6-abef-000c29c66e3d
severity: NONE
baseScore: NONE
vectorString: NONE
accessVector: NONE
accessComplexity: NONE
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: UNKNOWN

Trust: 0.2

sources: IVD: a6a8ae0c-1fa8-11e6-abef-000c29c66e3d

THREAT TYPE

network

Trust: 0.3

sources: BID: 44848

TYPE

Input Validation Error

Trust: 0.3

sources: BID: 44848

PATCH

title:Multiple Fujitsu Interstage product information disclosure vulnerability patchesurl:https://www.cnvd.org.cn/patchinfo/show/1740

Trust: 0.6

sources: CNVD: CNVD-2010-2819

EXTERNAL IDS

db:BIDid:44848

Trust: 0.9

db:CNVDid:CNVD-2010-2819

Trust: 0.8

db:SECUNIAid:42222

Trust: 0.7

db:IVDid:A6A8AE0C-1FA8-11E6-ABEF-000C29C66E3D

Trust: 0.2

db:PACKETSTORMid:95864

Trust: 0.1

sources: IVD: a6a8ae0c-1fa8-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-2819 // BID: 44848 // PACKETSTORM: 95864

REFERENCES

url:http://secunia.com/advisories/42222/

Trust: 0.7

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-201005e.html

Trust: 0.4

url:http://www.fujitsu.com/global/services/software/interstage/apserver/

Trust: 0.3

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=42222

Trust: 0.1

url:http://secunia.com/products/corporate/evm/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/products/corporate/vim/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/42222/#comments

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2010-2819 // BID: 44848 // PACKETSTORM: 95864

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 44848

SOURCES

db:IVDid:a6a8ae0c-1fa8-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2010-2819
db:BIDid:44848
db:PACKETSTORMid:95864

LAST UPDATE DATE

2022-05-17T01:56:38.715000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2010-2819date:2013-09-09T00:00:00
db:BIDid:44848date:2010-11-15T15:26:00

SOURCES RELEASE DATE

db:IVDid:a6a8ae0c-1fa8-11e6-abef-000c29c66e3ddate:2010-11-16T00:00:00
db:CNVDid:CNVD-2010-2819date:2010-11-16T00:00:00
db:BIDid:44848date:2010-11-15T00:00:00
db:PACKETSTORMid:95864date:2010-11-16T09:05:02