Fujitsu Jasmine HTTP Response Splitting Vulnerability When Executing WebLink Template


A vulnerability exists in Fujitsu Jasmine where HTTP response splitting may be conducted when the WebLink template is executed.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 6.8 (Medium) [NVD Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products

  • Jasmine (enterprise) 1.2.1
  • Jasmine (enterprise) 2.0
  • Jasmine (enterprise) 2.0.1
  • Jasmine (enterprise) 2.0.2
  • Jasmine (enterprise) 3.1
  • Jasmine (enterprise) for Windows NT V1.2L10
  • Jasmine (enterprise) for Windows NT V1.2L11
  • Jasmine (enterprise) for Windows NT V2.0L10
  • Jasmine (enterprise) for Windows NT V2.0L10a


An attacker could insert arbitrary HTTP headers and launch HTTP response splitting attacks.

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

CWE (What is CWE?)

  1. Improper Input Validation(CWE-20) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2009-0868

  1. National Vulnerability Database (NVD) : CVE-2009-0868
  2. Secunia Advisory : SA33971
  3. SecurityFocus : 33832
  4. ISS X-Force Database : 48818
  5. JVN iPedia (Japanese) : JVNDB-2009-001135
Revision History

  • [2009/04/17]
      Web page published