JVNDB-2009-001135

Fujitsu Jasmine HTTP Response Splitting Vulnerability When Executing WebLink Template

Overview

Fujitsu Jasmine contains a vulnerability that allows HTTP response splitting when the WebLink template is executed.

CVSS Severity

CVSS V2 Severity:
Base Metrics 6.8 (Medium) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products

FUJITSU
  • Jasmine (enterprise) 1.2.1
  • Jasmine (enterprise) 2.0
  • Jasmine (enterprise) 2.0.1
  • Jasmine (enterprise) 2.0.2
  • Jasmine (enterprise) 3.1
  • Jasmine (enterprise) for Windows NT V1.2L10
  • Jasmine (enterprise) for Windows NT V1.2L11
  • Jasmine (enterprise) for Windows NT V2.0L10
  • Jasmine (enterprise) for Windows NT V2.0L10a

Impact

An attacker could insert arbitrary HTTP headers and launch HTTP response splitting attacks.

Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.

Vendor Information

FUJITSU

CWE

  1. Improper Input Validation (CWE-20) [NVD Evaluation]

CVE

  1. CVE-2009-0868

References

  1. National Vulnerability Database (NVD) : CVE-2009-0868
  2. Secunia Advisory : SA33971
  3. SecurityFocus : 33832
  4. ISS X-Force Database : 48818
  5. JVN iPedia (Japanese) : JVNDB-2009-001135

Revision History

  • [2009/04/17]
      Web page published