JVNDB-2013-005262

Buffer Overflow Vulnerability in the log function of Interstage HTTP Server

Overview

The log function (ihsrlog/rotatelogs) of Interstage HTTP Server contains a buffer overflow vulnerability.

CVSS Severity

CVSS V2 Severity:
Base Metrics 10.0 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

Affected Products

FUJITSU
  • Interstage Application Server
  • Interstage Studio
  • Interstage Web Server

Impact

An attacker could execute arbitrary code.

Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.

Vendor Information

FUJITSU

CWE

  1. Buffer Errors (CWE-119) [IPA Evaluation]

CVE

  1. CVE-2013-7105

References

  1. National Vulnerability Database (NVD) : CVE-2013-7105

Revision History

  • [2013/11/28]
      Web page was published
  • [2013/12/18]
      CVE : CVE-ID was added
      References : Content was added