JVNDB-2010-000018
|
Interstage Application Server vulnerable in request processing
|
The Servlet service provided by the Interstage Application Server from Fujitsu Limited contains a vulnerability where certain requests are not processed properly.
The Servlet service provided by the Interstage Application Server from Fujitsu Limited contains a vulnerability where certain requests may be handled improperly depending on the settings of the load balancing device.
|
CVSS V2 Severity: Base Metrics 6.4 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: None
|
FUJITSU
- Interstage Application Framework Suite
- Interstage Application Server
- Interstage Business Application Manager
- Interstage List Manager
|
Invalid requests may be processed or user information may be leaked.
According to the developer, the impact of this vulnerability depends on the implementation of the web application.
|
[Update the Software]
Update to the latest version according to the information provided by the developer.
[Apply a Workaround]
Until an update can be applied, the workaround below may reduce the impact of this vulnerability:
* Adjust the settings on the load balancing device so that each server begins to receive sorted requests at intervals of at least 5 minutes.
|
FUJITSU
|
- No Mapping (CWE-noinfo) [IPA Evaluation]
|
- CVE-2010-1942
|
- JVN : JVN#90248889
- National Vulnerability Database (NVD) : CVE-2010-1942
- Secunia Advisory : SA39803
- SecurityFocus : 40189
- VUPEN Security : VUPEN/ADV-2010-1165
- OPEN SOURCE VULNERABILITY DATABASE (OSVDB) : 64703
|
- [2010/05/17]
Web page published
|