|
[Japanese]
|
JVNDB-2015-000001
|
Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)
|
|
Remote Service Manager contains a denial-of-service (DoS) vulnerability.
Remote Service Manager provided by Cybozu, Inc. is a software to access internal systems such as Cybozu products via "Cybozu Remote Service". Remote Service Manager contains a denial-of-service (DoS) vulnerability.
Note that this vulnerability was caused due to an incomplete fix of JVN#10319260.
Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN.
JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early Warning Partnership.
|
|
CVSS V2 Severity:
Base Metrics 7.1 (High) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: None
- Availability Impact: Complete
|
|
|
Cybozu, Inc.
- Remote Service Manager 2.3.0 and earlier
- Remote Service Manager 3.1.2 and earlier
|
According to the developer, if server.xml of Tomcat is configured according to the developer's instructions, Remote Service Manager 3.1.2 will not be affected.
|
|
An attacker may cause a denial-of-service (DoS) condition for a server that is running Remote Service Manager. As a result, "Cybozu Remote Service" may be disrupted.
|
|
For Remote Service Manager 3.1.2:
[Change the settings]
Change the settings file (server.xml), according to the instructions provided by the developer.
For Remote Service Manager 3.1.1 and earlier:
[Update the software and change the settings]
Apply the update and change the settings file (server.xml), according to the instructions provided by the developer.
|
|
Cybozu, Inc.
|
|
- No Mapping(CWE-Other) [IPA Evaluation]
|
|
- CVE-2014-7266
|
|
- JVN : JVN#13566542
- JVN : JVN#10319260
- National Vulnerability Database (NVD) : CVE-2014-7266
|
|
- [2015/01/30]
Web page was published
|
