JVNDB-2008-001647

Jasmine WebLink Template Multiple Vulnerabilities

Overview

Jasmine WebLink is vulnerable to buffer overflow (BOF), denial of service
(DoS) and cross-site scripting (XSS) when executing templates.

CVSS Severity

Base Metrics: 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products

FUJITSU
  • Jasmine Enterprise Edition 2.0
  • Jasmine Enterprise Edition 2.0.1
  • Jasmine Enterprise Edition 2.0.2
  • Jasmine Enterprise Edition 3.1
  • Jasmine Enterprise Edition for Windows NT V2.0L10
  • Jasmine Enterprise Edition for Windows NT V2.0L10a
  • Jasmine Enterprise Edition V3.1L10
  • Jasmine Enterprise Edition for Windows NT V2.0L11
  • Jasmine Enterprise Edition for Windows NT V1.2L10
  • Jasmine Enterprise Edition for Windows NT V1.2L11
  • Jasmine Enterprise Edition 1.2.1
  • Jasmine Workgroup Edition for Windows NT V2.0L10
  • Jasmine Workgroup Edition for Windows NT V2.0L10a
  • Jasmine Workgroup Edition for Windows NT V1.2L10
  • Jasmine Workgroup Edition for Windows NT V1.2L11

Impact

A remote attacker could execute arbitrary code or cause a Denial of
Service (DoS) condition against vulnerable Web sites.

Solution

Please refer to the 'Vendor Information' and 'References' sections for
appropriate countermeasures.

Vendor Information

FUJITSU

CWE

  1. Buffer Errors (CWE-119) [IPA Evaluation]
  2. Cross-site Scripting (CWE-79) [IPA Evaluation]

CVE

References

  1. JVN iPedia (Japanese): JVNDB-2008-001647

Revision History

[2008/09/18]
  Web page published
[2009/03/30]
  Affected Products : Updated FUJITSU (jasmine200801).