JVNDB-2008-001575

Fujitsu Interstage Application Server Single Sign-On Buffer Overflow Vulnerability

Overview

The Single Sign-On function in Fujitsu Interstage Application Server has a buffer overflow vulnerability due to improper URI handling.

CVSS Severity

CVSS V2 Severity:
Base Metrics 10.0 (High) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

Affected Products

FUJITSU
  • Interstage Application Server
  • Interstage Apworks
  • Interstage Business Application Server
  • Interstage Job Workload Server
  • Interstage Studio

Impact

A remote attacker could execute arbitrary code by sending a long URI.

Solution

Please refer to the 'Vendor Information' section for the vendor-recommended workaround.

Vendor Information

FUJITSU

CWE

  1. Buffer Errors (CWE-119) [NVD Evaluation]

CVE

  1. CVE-2008-1040

References

  1. National Vulnerability Database (NVD) : CVE-2008-1040
  2. Secunia Advisory : SA29088
  3. SecurityFocus : 27966
  4. FrSIRT Advisories : FrSIRT/ADV-2008-0662
  5. JVN iPedia (Japanese) : JVNDB-2008-001575

Revision History

  • [2008/09/03]
      Web page published