
JVNDB-2010-000018

Interstage Application Server vulnerable in request processing

Overview

The Servlet service provided by the Interstage Application Server from Fujitsu Limited contains a vulnerability where certain requests are not processed properly.

The Servlet service provided by the Interstage Application Server from Fujitsu Limited contains a vulnerability where certain requests may be handled improperly depending on the settings of the load balancing device.

CVSS Severity

CVSS V2 Severity:
Base Metrics 6.4 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


FUJITSU
  • Interstage Application Framework Suite
  • Interstage Application Server
  • Interstage Business Application Manager
  • Interstage List Manager

Impact

Invalid requests may be processed or user information may be leaked.

According to the developer, the impact of this vulnerability depends on the implementation of the web application.
Solution

[Update the Software]
Update to the latest version according to the information provided by the developer.

[Apply a Workaround]
Until an update can be applied, the workaround below may reduce the impact of this vulnerability:

* Adjust the settings of the load balancing device so that each server begins to receive sorted requests at intervals of at least 5 minutes.
Vendor Information

FUJITSU

CWE

  1. No Mapping (CWE-noinfo) [IPA Evaluation]

CVE

  1. CVE-2010-1942
References

  1. JVN : JVN#90248889
  2. National Vulnerability Database (NVD) : CVE-2010-1942
  3. Secunia Advisory : SA39803
  4. SecurityFocus : 40189
  5. VUPEN Security : VUPEN/ADV-2010-1165
  6. OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 64703
Revision History

  • [2010/05/17]
      Web page published