[Japanese]

JVNDB-2010-002467

Interstage Application Server Information Disclosure Vulnerability

Overview

Interstage Application Server has an information disclosure vulnerability when used in a J2EE environment.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 7.8 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: None
  • Availability Impact: None
Affected Products


FUJITSU
  • Interstage Application Framework Suite
  • Interstage Application Server
  • Interstage Apworks
  • Interstage Business Application Server
  • Interstage Job Workload Server
  • Interstage Studio
  • Interstage Web Server

Impact

By taking the specific steps, a remote attacker could access the files and directories in the server to which J2EE applications are deployed, and the confidential information may be disclosed.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

FUJITSU
CWE (What is CWE?)

  1. Information Exposure(CWE-200) [IPA Evaluation]
CVE (What is CVE?)

References

Revision History

  • [2010/12/14]
      Web page published

Date Public2010/11/15
Date First Published2010/12/14
Date Last Updated2010/12/14