[Japanese]

JVNDB-2008-001647

Jasmine WebLink Template Multiple Vulnerabilities

Overview

Jasmin WebLink is vulnerable to buffer overflow (BOF), denial of service
(DoS) and cross-site scripting (XSS) when executing templates.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


FUJITSU
  • Jasmine (enterprise) 2.0
  • Jasmine (enterprise) 2.0.1
  • Jasmine (enterprise) 2.0.2
  • Jasmine (enterprise) 3.1
  • Jasmine (enterprise) for Windows NT V2.0L10
  • Jasmine (enterprise) for Windows NT V2.0L10a
  • Jasmine (enterprise) V3.1L10
  • Jasmine (workgroup) for Windows NT V2.0L10
  • Jasmine (workgroup) for Windows NT V2.0L10a
  • Jasmine (enterprise) for Windows NT V2.0L11
  • Jasmine (workgroup) for Windows NT V1.2L10
  • Jasmine (enterprise) for Windows NT V1.2L10
  • Jasmine (workgroup) for Windows NT V1.2L11
  • Jasmine (enterprise) for Windows NT V1.2L11
  • Jasmine (enterprise) 1.2.1

Impact

A remote attacker could execute arbitrary code or cause a Denial of
Service (DoS) condition against vulnerable Web sites.
Solution

Please refer to the 'Vendor Information' and 'References' section for
appropriate countermeasure.
Vendor Information

FUJITSU
CWE (What is CWE?)

  1. Buffer Errors(CWE-119) [IPA Evaluation]
  2. Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)

References

  1. JVN iPedia (Japanese) : JVNDB-2008-001647
Revision History

  • [2008/09/18]
      Web page published
    [2009/03/30]
      Affected Products : Updated FUJITSU (jasmine200801).

Date Public2008/08/14
Date First Published2008/09/18
Date Last Updated2009/03/30