Sign-up

ID

VAR-201312-0318


CVE

CVE-2013-7105


TITLE

Buffer Overflow Vulnerability in the log function of Interstage HTTP Server

Trust: 0.8

sources: JVNDB: JVNDB-2013-005262

DESCRIPTION

Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, and 10.0.0, has unspecified impact and attack vectors related to "ihsrlog/rotatelogs.". An attacker could execute arbitrary code. Fujitsu Interstage is a modular software component for enterprise business operations management. Multiple Fujitsu Interstage Products are prone to an unspecified buffer-overflow vulnerability because it fails to properly bounds check data. Failed attempts will likely cause a denial-of-service condition

Trust: 2.61

sources: NVD: CVE-2013-7105 // JVNDB: JVNDB-2013-005262 // CNVD: CNVD-2013-14750 // BID: 63929 // IVD: 671342aa-1efb-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.8

sources: IVD: 671342aa-1efb-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14750

AFFECTED PRODUCTS

vendor:fujitsumodel:interstage studioscope:eqversion:9.0.0

Trust: 1.6

vendor:fujitsumodel:interstage studioscope:eqversion:9.1.0

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope:eqversion:9.2.0

Trust: 1.6

vendor:fujitsumodel:interstage studioscope:eqversion:9.2.0

Trust: 1.6

vendor:fujitsumodel:interstage studioscope:eqversion:10.0.0

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope:eqversion:9.1.0

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope:eqversion:9.0.0

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope:eqversion:9.3.1

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope:eqversion:10.0.0

Trust: 1.6

vendor:fujitsumodel:interstage application serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage studioscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstage web serverscope: - version: -

Trust: 0.8

vendor:fujitsumodel:interstagescope:eqversion:9.x

Trust: 0.6

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.2

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage studio standard-j edition bscope:eqversion:9.1.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.2

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.1

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition ascope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise editionscope:eqversion:9.0

Trust: 0.3

vendor:fujitsumodel:interstage application server enterprise edition 9.1.0ascope: - version: -

Trust: 0.3

vendor:interstage application servermodel: - scope:eqversion:9.0.0

Trust: 0.2

vendor:interstage application servermodel: - scope:eqversion:9.1.0

Trust: 0.2

vendor:interstage application servermodel: - scope:eqversion:9.2.0

Trust: 0.2

vendor:interstage application servermodel: - scope:eqversion:9.3.1

Trust: 0.2

vendor:interstage application servermodel: - scope:eqversion:10.0.0

Trust: 0.2

vendor:interstage studiomodel: - scope:eqversion:9.0.0

Trust: 0.2

vendor:interstage studiomodel: - scope:eqversion:9.1.0

Trust: 0.2

vendor:interstage studiomodel: - scope:eqversion:9.2.0

Trust: 0.2

vendor:interstage studiomodel: - scope:eqversion:10.0.0

Trust: 0.2

sources: IVD: 671342aa-1efb-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14750 // BID: 63929 // JVNDB: JVNDB-2013-005262 // CNNVD: CNNVD-201312-260 // NVD: CVE-2013-7105

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-7105
value: HIGH

Trust: 1.0

IPA: JVNDB-2013-005262
value: HIGH

Trust: 0.8

CNVD: CNVD-2013-14750
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201312-260
value: CRITICAL

Trust: 0.6

IVD: 671342aa-1efb-11e6-abef-000c29c66e3d
value: CRITICAL

Trust: 0.2

nvd@nist.gov: CVE-2013-7105
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2013-005262
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2013-14750
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

IVD: 671342aa-1efb-11e6-abef-000c29c66e3d
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.9 [IVD]

Trust: 0.2

sources: IVD: 671342aa-1efb-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-14750 // JVNDB: JVNDB-2013-005262 // CNNVD: CNNVD-201312-260 // NVD: CVE-2013-7105

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2013-005262 // NVD: CVE-2013-7105

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201312-260

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 671342aa-1efb-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201312-260

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-005262

PATCH
title:Interstage HTTP Server: Buffer Overflow Vulnerability in Log Feature.url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-201302e.html
Trust: 0.8
title:Patch for multiple Fujitsu Interstage products HTTP Server Buffer Overflow Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/41353
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2013-14750 // 
            
            
            
            JVNDB: JVNDB-2013-005262

EXTERNAL IDS
db:NVDid:CVE-2013-7105
Trust: 2.9
db:BIDid:63929
Trust: 1.9
db:SECTRACKid:1029398
Trust: 1.6
db:CNVDid:CNVD-2013-14750
Trust: 0.8
db:CNNVDid:CNNVD-201312-260
Trust: 0.8
db:JVNDBid:JVNDB-2013-005262
Trust: 0.8
db:IVDid:671342AA-1EFB-11E6-ABEF-000C29C66E3D
Trust: 0.2
sources:
            
            
            IVD: 671342aa-1efb-11e6-abef-000c29c66e3d // 
            
            
            
            CNVD: CNVD-2013-14750 // 
            
            
            
            BID: 63929 // 
            
            
            
            JVNDB: JVNDB-2013-005262 // 
            
            
            
            CNNVD: CNNVD-201312-260 // 
            
            
            
            NVD: CVE-2013-7105

REFERENCES
url:http://www.fujitsu.com/global/support/software/security/products-f/interstage-201302e.html
Trust: 1.9
url:http://www.securitytracker.com/id/1029398
Trust: 1.6
url:http://www.securityfocus.com/bid/63929
Trust: 1.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7105
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7105
Trust: 0.8
url:http://www.securityfocus.com/bid/63929/
Trust: 0.6
url:http://www.fujitsu.com/global/services/software/interstage/
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2013-14750 // 
            
            
            
            BID: 63929 // 
            
            
            
            JVNDB: JVNDB-2013-005262 // 
            
            
            
            CNNVD: CNNVD-201312-260 // 
            
            
            
            NVD: CVE-2013-7105

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 63929

SOURCES
db:IVDid:671342aa-1efb-11e6-abef-000c29c66e3d
db:CNVDid:CNVD-2013-14750
db:BIDid:63929
db:JVNDBid:JVNDB-2013-005262
db:CNNVDid:CNNVD-201312-260
db:NVDid:CVE-2013-7105

LAST UPDATE DATE
2024-08-14T14:58:13.898000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2013-14750date:2013-11-28T00:00:00
db:BIDid:63929date:2015-03-19T09:23:00
db:JVNDBid:JVNDB-2013-005262date:2013-12-18T00:00:00
db:CNNVDid:CNNVD-201312-260date:2013-12-19T00:00:00
db:NVDid:CVE-2013-7105date:2013-12-20T04:39:00.007

SOURCES RELEASE DATE
db:IVDid:671342aa-1efb-11e6-abef-000c29c66e3ddate:2013-11-28T00:00:00
db:CNVDid:CNVD-2013-14750date:2013-11-28T00:00:00
db:BIDid:63929date:2013-11-26T00:00:00
db:JVNDBid:JVNDB-2013-005262date:2013-11-28T00:00:00
db:CNNVDid:CNNVD-201312-260date:2013-12-19T00:00:00
db:NVDid:CVE-2013-7105date:2013-12-14T20:55:03.720