Details of VAR-201011-0285

ID

VAR-201011-0285

TITLE

Fujitsu Interstage Multiple Product IP Address Restriction Bypass Vulnerabilities

Trust: 0.6

sources: CNVD: CNVD-2010-2917

DESCRIPTION

There are security vulnerabilities in multiple Fujitsu Interstage products that allow malicious users to bypass some security restrictions. When access is restricted by IP, an attacker can exploit the vulnerability to submit requests using impermissible IP addresses, bypassing restrictions, and obtaining sensitive information. Successful exploits may allow attackers to bypass detection rules; this may aid in further attacks. Given the nature of this issue, attackers may also be able to access sensitive information. ---------------------------------------------------------------------- Secure your corporate defenses and reduce complexity in handling vulnerability threats with the new Secunia Vulnerability Intelligence Manager (VIM) Beta. Join the beta: http://secunia.com/products/corporate/vim/ ---------------------------------------------------------------------- TITLE: Fujitsu Interstage Products IP Address Restriction Bypass Security Issue SECUNIA ADVISORY ID: SA42266 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/42266/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=42266 RELEASE DATE: 2010-11-19 DISCUSS ADVISORY: http://secunia.com/advisories/42266/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/42266/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=42266 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A security issue has been reported in multiple Fujitsu Interstage products, which can be exploited by malicious people to bypass certain security restrictions. Please see the vendor's advisory for a list of affected products and versions. SOLUTION: Apply patches (please see the vendor's advisory for details). PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-201006e.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.08

sources: CNVD: CNVD-2010-2917 // BID: 44976 // IVD: 2fbe954a-1fa8-11e6-abef-000c29c66e3d // PACKETSTORM: 95994

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 2fbe954a-1fa8-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-2917

AFFECTED PRODUCTS

vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	6.0	Trust: 1.1
vendor:	fujitsu	model:	interstage studio enterprise edition	scope:	eq	version:	8.0.1	Trust: 0.9
vendor:	fujitsu	model:	interstage job workload server	scope:	eq	version:	8.1	Trust: 0.9
vendor:	fujitsu	model:	interstage business application server enterprise edition	scope:	eq	version:	8.0	Trust: 0.9
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	7.0	Trust: 0.9
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	6.0	Trust: 0.9
vendor:	fujitsu	model:	interstage apworks modelers-j edition 6.0a	scope:	-	version:	-	Trust: 0.9
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0	Trust: 0.9
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0.2	Trust: 0.9
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	9.0	Trust: 0.9
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0.1	Trust: 0.9
vendor:	fujitsu	model:	interstage application server standard-j edition a	scope:	eq	version:	9.0	Trust: 0.9
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	7.0	Trust: 0.9
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	6.0	Trust: 0.9
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	7.0	Trust: 0.9
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	6.0	Trust: 0.9
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0	Trust: 0.9
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0.1	Trust: 0.9
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0	Trust: 0.9
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0.1	Trust: 0.9
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0.2	Trust: 0.9
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	9.0	Trust: 0.9
vendor:	fujitsu	model:	interstage application server enterprise edition a	scope:	eq	version:	9.0	Trust: 0.9
vendor:	fujitsu	model:	interstage studio stadard-j edition	scope:	eq	version:	8.0.1	Trust: 0.6
vendor:	fujitsu	model:	interstage studio standard-j edition	scope:	eq	version:	8.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	fujitsu	model:	interstage studio stadard-j edition	scope:	eq	version:	8.0.1*	Trust: 0.2
vendor:	fujitsu	model:	interstage studio enterprise edition	scope:	eq	version:	8.0.1*	Trust: 0.2
vendor:	fujitsu	model:	interstage job workload server	scope:	eq	version:	8.1*	Trust: 0.2
vendor:	fujitsu	model:	interstage business application server enterprise edition	scope:	eq	version:	8.0*	Trust: 0.2
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	7.0*	Trust: 0.2
vendor:	fujitsu	model:	interstage apworks modelers-j edition	scope:	eq	version:	6.0*	Trust: 0.2
vendor:	fujitsu	model:	interstage apworks modelers-j edition 6.0a	scope:	eq	version:	*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0.2*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	9.0*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server standard-j edition	scope:	eq	version:	8.0.1*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server standard-j edition a	scope:	eq	version:	9.0*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	7.0*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server plus developer	scope:	eq	version:	6.0*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	7.0*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server plus	scope:	eq	version:	6.0*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	7.0.1*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0.1*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	8.0.2*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server enterprise edition	scope:	eq	version:	9.0*	Trust: 0.2
vendor:	fujitsu	model:	interstage application server enterprise edition a	scope:	eq	version:	9.0*	Trust: 0.2

sources: IVD: 2fbe954a-1fa8-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-2917 // BID: 44976

CVSS

SEVERITY

CVSSV2

CVSSV3

IVD:	2fbe954a-1fa8-11e6-abef-000c29c66e3d
value:	LOW
Trust: 0.2

IVD:	2fbe954a-1fa8-11e6-abef-000c29c66e3d
severity:	NONE
baseScore:	NONE
vectorString:	NONE
accessVector:	NONE
accessComplexity:	NONE
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	UNKNOWN
Trust: 0.2

sources: IVD: 2fbe954a-1fa8-11e6-abef-000c29c66e3d

THREAT TYPE

network

Trust: 0.3

sources: BID: 44976

TYPE

Unknown

Trust: 0.3

sources: BID: 44976

PATCH

title:

Fujitsu Interstage Multiple Product IP Address Restriction Vulnerability Patch

url:

https://www.cnvd.org.cn/patchinfo/show/1845

Trust: 0.6

sources: CNVD: CNVD-2010-2917

EXTERNAL IDS

db:	BID	id:	44976	Trust: 0.9
db:	CNVD	id:	CNVD-2010-2917	Trust: 0.8
db:	SECUNIA	id:	42266	Trust: 0.7
db:	IVD	id:	2FBE954A-1FA8-11E6-ABEF-000C29C66E3D	Trust: 0.2
db:	PACKETSTORM	id:	95994	Trust: 0.1

sources: IVD: 2fbe954a-1fa8-11e6-abef-000c29c66e3d // CNVD: CNVD-2010-2917 // BID: 44976 // PACKETSTORM: 95994

REFERENCES

url:	http://secunia.com/advisories/42266/	Trust: 0.7
url:	http://www.fujitsu.com/global/support/software/security/products-f/interstage-201006e.html	Trust: 0.4
url:	http://www.fujitsu.com/	Trust: 0.3
url:	http://secunia.com/products/corporate/evm/	Trust: 0.1
url:	http://secunia.com/advisories/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/	Trust: 0.1
url:	https://ca.secunia.com/?page=viewadvisory&vuln_id=42266	Trust: 0.1
url:	http://secunia.com/advisories/42266/#comments	Trust: 0.1
url:	http://secunia.com/products/corporate/vim/	Trust: 0.1
url:	http://secunia.com/vulnerability_scanning/personal/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/advisories/about_secunia_advisories/	Trust: 0.1

sources: CNVD: CNVD-2010-2917 // BID: 44976 // PACKETSTORM: 95994

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 44976

SOURCES

db:	IVD	id:	2fbe954a-1fa8-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2010-2917
db:	BID	id:	44976
db:	PACKETSTORM	id:	95994

LAST UPDATE DATE

2022-05-17T01:45:42.246000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2010-2917	date:	2010-11-22T00:00:00
db:	BID	id:	44976	date:	2010-11-19T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	2fbe954a-1fa8-11e6-abef-000c29c66e3d	date:	2010-11-22T00:00:00
db:	CNVD	id:	CNVD-2010-2917	date:	2010-11-22T00:00:00
db:	BID	id:	44976	date:	2010-11-19T00:00:00
db:	PACKETSTORM	id:	95994	date:	2010-11-19T06:22:01