JVNDB-2007-000218

Interstage Application Server cross-site scripting vulnerability

Overview

The Servlet Service for Interstage Business Application and the Servlet Service for Interstage Management Console (may be referred to as "Servlet Service for Interstage Operation Management" in certain versions) included in the Interstage product series from Fujitsu contain a cross-site scripting vulnerability.

As of March 19, 2007, Fujitsu has announced workarounds for this issue. For more information, refer to the vendor's website.

CVSS Severity

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

FUJITSU
  • Interstage Application Framework Suite
  • Interstage Application Server
  • Interstage Apworks
  • Interstage Business Application Server
  • Interstage Job Workload Server
  • Interstage Security Director

Impact

An arbitrary script may be executed on the user's web browser.

Solution

Vendor Information

FUJITSU

CWE

CVE

  1. CVE-2007-1504

References

  1. JVN : JVN#83832818
  2. National Vulnerability Database (NVD) : CVE-2007-1504
  3. Secunia Advisory : SA24508
  4. ISS X-Force Database : 33099
  5. FrSIRT Advisories : FrSIRT/ADV-2007-0996

Revision History

  • [2008/05/21]
      Web page published