Vulnerability CVE-2007-5366


Published: 2007-10-11   Modified: 2012-02-12

Description:
The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.

Type:
CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Fujitsu -> Interstage application server
Fujitsu -> Interstage apworks
Fujitsu -> Interstage studio

References:
http://www.securityfocus.com/bid/25988
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html
http://secunia.com/advisories/27136
http://osvdb.org/41318
http://xforce.iss.net/xforce/xfdb/37026

Copyright 2024, cxsecurity.com

 
