[Japanese]
|
JVNDB-2009-002358
|
Fujitsu Interstage and Systemwalker SSL Vulnerabilities
|
Fujitsu Interstage and Systemwalker related products have the vulnerabilities listed below:
- A buffer overflow vulnerability that can occur when the SSL server verifies the client's certificate.
- A vulnerability that makes it possible to make an SSL connection using a server or client certificate issued by the old CA certificate after the CA certificate is renewed, regardless of the settings of the certificate environment variables.
- A vulnerability where the depletion of resources, such as file descriptors, can occur on the SSL server.
|
CVSS V2 Severity: Base Metrics 5.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Partial
|
|
FUJITSU
- InfoDirectory
- InfoProvider Pro
- InfoProxy
- InfoProxy for Middleware
- Interstage
- Interstage Apcoordinator
- Interstage Application Framework Suite
- Interstage Application Server
- Interstage Apworks
- Interstage Business Application Manager
- Interstage Form Coordinator syomei option
- Interstage Security Director
- Interstage Traffic Director
- Linkexpress
- Safeauthor
- Safegate
- safegate Client
- Safegate syutyu kanri
- SymfoWARE Universal Data Interchanger
- Systemwalker Centric Manager
- Systemwalker CentricMGR-A
- Systemwalker Desktop Inspection
- Systemwalker Desktop Patrol
- Systemwalker Formcoordinator syomei option
- Systemwalker IT Budget Manager
- SystemWalker IT BudgetMGR
- Systemwalker Software Delivery
- SystemWalker/InfoDirectory
- TRADEMASTER
- TRMASTER
|
|
A remote attacker can cause a denial of service (DoS) condition or make an SSL connection using a fake certificate.
|
Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
|
FUJITSU
|
- Buffer Errors(CWE-119) [IPA Evaluation]
- Improper Authentication(CWE-287) [IPA Evaluation]
- Resource Management Errors(CWE-399) [IPA Evaluation]
|
|
|
- [2009/12/28]
Web page published
|