JVNDB-2009-002358

Fujitsu Interstage and Systemwalker SSL Vulnerabilities

Overview

Fujitsu Interstage and Systemwalker-related products have the vulnerabilities listed below:
- A buffer overflow vulnerability that can occur when the SSL server verifies the client's certificate.
- A vulnerability that allows an SSL connection to be made using a server or client certificate issued by the old CA certificate after the CA certificate is renewed, regardless of the settings of the certificate environment variables.
- A vulnerability where resources, such as file descriptors, can be depleted on the SSL server.

CVSS Severity

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial

Affected Products

FUJITSU
  • InfoDirectory
  • InfoProvider Pro
  • InfoProxy
  • InfoProxy for Middleware
  • Interstage
  • Interstage Apcoordinator
  • Interstage Application Framework Suite
  • Interstage Application Server
  • Interstage Apworks
  • Interstage Business Application Manager
  • Interstage Form Coordinator syomei option
  • Interstage Security Director
  • Interstage Traffic Director
  • Linkexpress
  • Safeauthor
  • Safegate
  • safegate Client
  • Safegate syutyu kanri
  • SymfoWARE Universal Data Interchanger
  • Systemwalker Centric Manager
  • Systemwalker CentricMGR-A
  • Systemwalker Desktop Inspection
  • Systemwalker Desktop Patrol
  • Systemwalker Formcoordinator syomei option
  • Systemwalker IT Budget Manager
  • SystemWalker IT BudgetMGR
  • Systemwalker Software Delivery
  • SystemWalker/InfoDirectory
  • TRADEMASTER
  • TRMASTER

Impact

A remote attacker can cause a denial of service (DoS) condition or make an SSL connection using a fake certificate.

Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.

Vendor Information

FUJITSU

CWE

  1. Buffer Errors (CWE-119) [IPA Evaluation]
  2. Improper Authentication (CWE-287) [IPA Evaluation]
  3. Resource Management Errors (CWE-399) [IPA Evaluation]

CVE

References

Revision History

  • [2009/12/28]
      Web page published