[Japanese]

JVNDB-2008-001576

Fujitsu Interstage Application Server Interstage Management Console Arbitrary File Read/Delete Vulnerability

Overview

The Interstage Management Console used in Fujitsu Interstage Application Server has a vulnerability which allows remote attackers to read or delete arbitrary files.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.4 (Medium) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


FUJITSU
  • Interstage Application Framework Suite
  • Interstage Application Server
  • Interstage Apworks
  • Interstage Business Application Server
  • Interstage Job Workload Server
  • Interstage Studio
  • Interstage Web Server

Impact

A remote attacker could read or delete arbitrary files.
Solution

Please refer to the 'Vendor Information' section for the vendor recommended workaround.
Vendor Information

FUJITSU
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2008-2674
References

  1. National Vulnerability Database (NVD) : CVE-2008-2674
  2. Secunia Advisory : SA30589
  3. SecurityFocus : 27966
  4. FrSIRT Advisories : FrSIRT/ADV-2008-1771
  5. JVN iPedia (Japanese) : JVNDB-2008-001576
Revision History

  • [2008/09/03]
      Web page published
    [2012/02/15]
      Affected Products : Products were added