ID

VAR-201312-0318


CVE

CVE-2013-7105


TITLE

Buffer Overflow Vulnerability in the log function of Interstage HTTP Server

Trust: 0.8

sources: JVNDB: JVNDB-2013-005262

DESCRIPTION

Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, and 10.0.0, has unspecified impact and attack vectors related to "ihsrlog/rotatelogs.". An attacker could execute arbitrary code. Fujitsu Interstage is a modular software component for enterprise business operations management. Multiple Fujitsu Interstage Products are prone to an unspecified buffer-overflow vulnerability because it fails to properly bounds check data. Failed attempts will likely cause a denial-of-service condition

Trust: 2.61

sources: NVD: CVE-2013-7105 // JVNDB: JVNDB-2013-005262 // CNVD: CNVD-2013-14750 // BID: 63929 // IVD: 671342aa-1efb-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 671342aa-1efb-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14750

AFFECTED PRODUCTS

vendor:fujitsumodel:interstage studioscope:eqversion:9.0.0

Trust: 1.6

vendor:fujitsumodel:interstage studioscope:eqversion:9.1.0

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope:eqversion:9.2.0

Trust: 1.6

vendor:fujitsumodel:interstage studioscope:eqversion:9.2.0

Trust: 1.6

vendor:fujitsumodel:interstage studioscope:eqversion:10.0.0

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope:eqversion:9.1.0

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope:eqversion:9.0.0

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope:eqversion:9.3.1

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope:eqversion:10.0.0

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage studioscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage web serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstagescope:eqversion:9.x

Trust: 0.6

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.2

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j edition bscope:eqversion:9.1.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition ascope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition 9.1.0ascope: - version: -

Trust: 0.3

vendor:interstage application servermodel: - scope:eqversion:9.0.0

Trust: 0.2

vendor:interstage application servermodel: - scope:eqversion:9.1.0

Trust: 0.2

vendor:interstage application servermodel: - scope:eqversion:9.2.0

Trust: 0.2

vendor:interstage application servermodel: - scope:eqversion:9.3.1

Trust: 0.2

vendor:interstage application servermodel: - scope:eqversion:10.0.0

Trust: 0.2

vendor:interstage studiomodel: - scope:eqversion:9.0.0

Trust: 0.2

vendor:interstage studiomodel: - scope:eqversion:9.1.0

Trust: 0.2

vendor:interstage studiomodel: - scope:eqversion:9.2.0

Trust: 0.2

vendor:interstage studiomodel: - scope:eqversion:10.0.0

Trust: 0.2

sources: IVD: 671342aa-1efb-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14750 // BID: 63929 // JVNDB: JVNDB-2013-005262 // CNNVD: CNNVD-201312-260 // NVD: CVE-2013-7105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-7105
value: HIGH

Trust: 1.0

IPA: JVNDB-2013-005262
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-14750
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201312-260
value: CRITICAL

Trust: 0.6

IVD: 671342aa-1efb-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2013-7105
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2013-005262
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2013-14750
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 671342aa-1efb-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 671342aa-1efb-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14750 // JVNDB: JVNDB-2013-005262 // CNNVD: CNNVD-201312-260 // NVD: CVE-2013-7105

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2013-005262 // NVD: CVE-2013-7105

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-260

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 671342aa-1efb-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201312-260

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005262

PATCH

title:Interstage HTTP Server: Buffer Overflow Vulnerability in Log Feature.url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-201302e.html

Trust: 0.8

title:Patch for multiple Fujitsu Interstage products HTTP Server Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/41353

Trust: 0.6

sources: CNVD: CNVD-2013-14750 // JVNDB: JVNDB-2013-005262

EXTERNAL IDS

db:NVDid:CVE-2013-7105

Trust: 2.9

db:BIDid:63929

Trust: 1.9

db:SECTRACKid:1029398

Trust: 1.6

db:CNVDid:CNVD-2013-14750

Trust: 0.8

db:CNNVDid:CNNVD-201312-260

Trust: 0.8

db:JVNDBid:JVNDB-2013-005262

Trust: 0.8

db:IVDid:671342AA-1EFB-11E6-ABEF-000C29C66E3D

Trust: 0.2

sources: IVD: 671342aa-1efb-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14750 // BID: 63929 // JVNDB: JVNDB-2013-005262 // CNNVD: CNNVD-201312-260 // NVD: CVE-2013-7105

REFERENCES

url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-201302e.html

Trust: 1.9

url:http://www.securitytracker.com/id/1029398

Trust: 1.6

url:http://www.securityfocus.com/bid/63929

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7105

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7105

Trust: 0.8

url:http://www.securityfocus.com/bid/63929/

Trust: 0.6

url:http://www.fujitsu.com/global/services/software/interstage/

Trust: 0.3

sources: CNVD: CNVD-2013-14750 // BID: 63929 // JVNDB: JVNDB-2013-005262 // CNNVD: CNNVD-201312-260 // NVD: CVE-2013-7105

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 63929

SOURCES

db:IVDid:671342aa-1efb-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-14750
db:BIDid:63929
db:JVNDBid:JVNDB-2013-005262
db:CNNVDid:CNNVD-201312-260
db:NVDid:CVE-2013-7105

LAST UPDATE DATE

2024-08-14T14:58:13.898000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2013-14750date:2013-11-28T00:00:00
db:BIDid:63929date:2015-03-19T09:23:00
db:JVNDBid:JVNDB-2013-005262date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-260date:2013-12-19T00:00:00
db:NVDid:CVE-2013-7105date:2013-12-20T04:39:00.007

SOURCES RELEASE DATE

db:IVDid:671342aa-1efb-11e6-abef-000c29c66e3ddate:2013-11-28T00:00:00
db:CNVDid:CNVD-2013-14750date:2013-11-28T00:00:00
db:BIDid:63929date:2013-11-26T00:00:00
db:JVNDBid:JVNDB-2013-005262date:2013-11-28T00:00:00
db:CNNVDid:CNNVD-201312-260date:2013-12-19T00:00:00
db:NVDid:CVE-2013-7105date:2013-12-14T20:55:03.720