Vulnerability CVE-2008-5810


Published: 2009-01-02   Modified: 2012-02-12

Description:
WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.

See advisories in our WLB2 database:
Risk: High
Topic: Fujitsu-Siemens WebTransactions Remote Command
Author: SEC-CONSULT
Date: 04.01.2009

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score: 10/10
Impact Subscore: 10/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Affected software: Fujitsu-siemens -> Webtransactions

References:
http://bs2www.fujitsu-siemens.de/update/securitypatch.htm#english
http://securityreason.com/securityalert/4856
http://www.sec-consult.com/files/20081219-0_fujitsu-siemens_webta_cmdexec.txt
http://www.securityfocus.com/archive/1/499417/100/0/threaded
http://www.securityfocus.com/bid/32927
http://www.securitytracker.com/id?1021475
http://www.vupen.com/english/advisories/2008/3462
https://exchange.xforce.ibmcloud.com/vulnerabilities/47495

Copyright 2024, cxsecurity.com

 
