cvelistv5 - cve-2007-5366

CVE-2007-5366 (GCVE-0-2007-5366)

Vulnerability from cvelistv5 – Published: 2007-10-11 10:00 – Updated: 2024-08-07 15:31

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/27136	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://osvdb.org/41318	vdb-entryx_refsource_OSVDB
	http://www.securityfocus.com/bid/25988	vdb-entryx_refsource_BID
	http://www.fujitsu.com/global/support/software/se…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T15:31:57.935Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "27136",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27136"
          },
          {
            "name": "interstage-servlet-path-disclosure(37026)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37026"
          },
          {
            "name": "41318",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/41318"
          },
          {
            "name": "25988",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25988"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-10-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "27136",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27136"
        },
        {
          "name": "interstage-servlet-path-disclosure(37026)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37026"
        },
        {
          "name": "41318",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/41318"
        },
        {
          "name": "25988",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25988"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5366",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "27136",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/27136"
            },
            {
              "name": "interstage-servlet-path-disclosure(37026)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37026"
            },
            {
              "name": "41318",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/41318"
            },
            {
              "name": "25988",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/25988"
            },
            {
              "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html",
              "refsource": "CONFIRM",
              "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-5366",
    "datePublished": "2007-10-11T10:00:00",
    "dateReserved": "2007-10-10T00:00:00",
    "dateUpdated": "2024-08-07T15:31:57.935Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"99AC7276-3FF3-42D0-AA5A-E807C916E1AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:plus:*:*:*:*:*\", \"matchCriteriaId\": \"CEEEE36C-E14C-4D0F-B382-0903D104E578\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:plus_developer:*:*:*:*:*\", \"matchCriteriaId\": \"C23324B8-E010-4E21-ADEF-58FC0A0D2BFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"390FBC71-1CF2-4D05-9931-9F4E7ED9C096\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:plus:*:*:*:*:*\", \"matchCriteriaId\": \"BDD9380C-8224-44C5-9688-F3134A6A0C04\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"E7F2EDBD-8799-4EAF-9925-3C07FAEEBE77\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:standard_j:*:*:*:*:*\", \"matchCriteriaId\": \"AA6ED703-53F9-4536-8E1D-46C30E547B06\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:8.0.1:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"68B3EF82-0491-41D1-AB3F-FED1012F3BDF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:8.0.1:*:standard_j:*:*:*:*:*\", \"matchCriteriaId\": \"DA20FDEB-40D5-4F73-B365-AD025C7348DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"BCD4B39A-E25A-4F9F-8D8F-D0990DFC9DF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:standard_j:*:*:*:*:*\", \"matchCriteriaId\": \"28BB7A8E-8AC3-4FC3-8668-067124DF4091\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:8.0.3:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"413AB29F-2B9D-409B-A24B-2660347317EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:8.0.3:*:standard_j:*:*:*:*:*\", \"matchCriteriaId\": \"90E8DFDD-8909-4317-B87A-768013BECB7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:9.0:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"63C58135-5452-47A0-BB14-BC5A3B14B043\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:9.0:*:standard_j:*:*:*:*:*\", \"matchCriteriaId\": \"CE82AE4E-4E65-437B-B367-A6905400D372\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:9.0a:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"B435EA8E-21BE-491B-81E6-7A02DBE9A5DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_application_server:9.0a:*:standard_j:*:*:*:*:*\", \"matchCriteriaId\": \"93B3414A-9521-43C4-87EC-151FF3567203\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_apworks:7.0:*:modelers_j:*:*:*:*:*\", \"matchCriteriaId\": \"5CD7B921-18CA-47B7-B020-9B3371485007\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_apworks:8.0:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"D9D08EBC-EAB5-4D2F-9B62-BA96D9B25EB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_apworks:8.0:*:standard_j:*:*:*:*:*\", \"matchCriteriaId\": \"E44622B8-0EFE-4A80-BB0D-0D2646D067AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_studio:8.01:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"6D12EF8C-FEAB-4666-8F7E-49CAD77933B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_studio:8.01:*:standard_j:*:*:*:*:*\", \"matchCriteriaId\": \"3605D6E6-2C4D-4837-9587-C12645022582\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_studio:9.0:*:enterprise:*:*:*:*:*\", \"matchCriteriaId\": \"DB3CDB47-DF42-4988-A7A3-1908FC36017D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:fujitsu:interstage_studio:9.0:*:standard_j:*:*:*:*:*\", \"matchCriteriaId\": \"763121B4-8990-4876-B0DC-D7F75A1300A1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.\"}, {\"lang\": \"es\", \"value\": \"El Tomcat 4.1-based Servlet Service en Fujitsu Interstage Application Server 7.0 hasta la 9.0.0 y Interstage Apworks/Studio 7.0 hasta la 9.0.0 permite a atacantes remotos obtener informaci\\u00f3n sensible (ruta del ra\\u00edz web) a trav\\u00e9s de vectores no especificados que disparan un mensaje de error, probablemente relacionado con el permiso de la opci\\u00f3n useCanonCaches Java Virtual Machine (JVM).\"}]",
      "id": "CVE-2007-5366",
      "lastModified": "2024-11-21T00:37:44.050",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2007-10-11T10:17:00.000",
      "references": "[{\"url\": \"http://osvdb.org/41318\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/27136\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/25988\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/37026\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://osvdb.org/41318\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/27136\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/25988\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/37026\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-5366\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-10-11T10:17:00.000\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.\"},{\"lang\":\"es\",\"value\":\"El Tomcat 4.1-based Servlet Service en Fujitsu Interstage Application Server 7.0 hasta la 9.0.0 y Interstage Apworks/Studio 7.0 hasta la 9.0.0 permite a atacantes remotos obtener informaci\u00f3n sensible (ruta del ra\u00edz web) a trav\u00e9s de vectores no especificados que disparan un mensaje de error, probablemente relacionado con el permiso de la opci\u00f3n useCanonCaches Java Virtual Machine (JVM).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"99AC7276-3FF3-42D0-AA5A-E807C916E1AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:plus:*:*:*:*:*\",\"matchCriteriaId\":\"CEEEE36C-E14C-4D0F-B382-0903D104E578\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:plus_developer:*:*:*:*:*\",\"matchCriteriaId\":\"C23324B8-E010-4E21-ADEF-58FC0A0D2BFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"390FBC71-1CF2-4D05-9931-9F4E7ED9C096\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:plus:*:*:*:*:*\",\"matchCriteriaId\":\"BDD9380C-8224-44C5-9688-F3134A6A0C04\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"E7F2EDBD-8799-4EAF-9925-3C07FAEEBE77\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:standard_j:*:*:*:*:*\",\"matchCriteriaId\":\"AA6ED703-53F9-4536-8E1D-46C30E547B06\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:8.0.1:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"68B3EF82-0491-41D1-AB3F-FED1012F3BDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:8.0.1:*:standard_j:*:*:*:*:*\",\"matchCriteriaId\":\"DA20FDEB-40D5-4F73-B365-AD025C7348DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"BCD4B39A-E25A-4F9F-8D8F-D0990DFC9DF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:standard_j:*:*:*:*:*\",\"matchCriteriaId\":\"28BB7A8E-8AC3-4FC3-8668-067124DF4091\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:8.0.3:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"413AB29F-2B9D-409B-A24B-2660347317EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:8.0.3:*:standard_j:*:*:*:*:*\",\"matchCriteriaId\":\"90E8DFDD-8909-4317-B87A-768013BECB7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:9.0:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"63C58135-5452-47A0-BB14-BC5A3B14B043\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:9.0:*:standard_j:*:*:*:*:*\",\"matchCriteriaId\":\"CE82AE4E-4E65-437B-B367-A6905400D372\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:9.0a:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"B435EA8E-21BE-491B-81E6-7A02DBE9A5DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_application_server:9.0a:*:standard_j:*:*:*:*:*\",\"matchCriteriaId\":\"93B3414A-9521-43C4-87EC-151FF3567203\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_apworks:7.0:*:modelers_j:*:*:*:*:*\",\"matchCriteriaId\":\"5CD7B921-18CA-47B7-B020-9B3371485007\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_apworks:8.0:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"D9D08EBC-EAB5-4D2F-9B62-BA96D9B25EB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_apworks:8.0:*:standard_j:*:*:*:*:*\",\"matchCriteriaId\":\"E44622B8-0EFE-4A80-BB0D-0D2646D067AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_studio:8.01:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"6D12EF8C-FEAB-4666-8F7E-49CAD77933B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_studio:8.01:*:standard_j:*:*:*:*:*\",\"matchCriteriaId\":\"3605D6E6-2C4D-4837-9587-C12645022582\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_studio:9.0:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"DB3CDB47-DF42-4988-A7A3-1908FC36017D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:fujitsu:interstage_studio:9.0:*:standard_j:*:*:*:*:*\",\"matchCriteriaId\":\"763121B4-8990-4876-B0DC-D7F75A1300A1\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/41318\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/27136\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/25988\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/37026\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/41318\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/27136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/25988\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/37026\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

VAR-200710-0145

Vulnerability from variot - Updated: 2023-12-18 12:32

The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. Interstage Application Server is prone to a path-disclosure vulnerability. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer.

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications.

Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/

TITLE: Interstage Application Server Full Path Disclosure Weakness

SECUNIA ADVISORY ID: SA27136

VERIFY ADVISORY: http://secunia.com/advisories/27136/

CRITICAL: Not critical

IMPACT: Exposure of system information

WHERE:

From remote

SOFTWARE: Interstage Application Server 7.x http://secunia.com/product/13692/ Interstage Application Server 8.x http://secunia.com/product/13685/ Interstage Application Server 9.x http://secunia.com/product/15986/ Interstage Apworks 7.x http://secunia.com/product/13689/ Interstage Apworks 8.x http://secunia.com/product/15987/ Interstage Studio 8.x http://secunia.com/product/13690/ Interstage Studio 9.x http://secunia.com/product/15610/

DESCRIPTION: A weakness has been reported in Interstage Application Server, which can be exploited by malicious people to disclose system information.

The weakness is caused due to the full web server path being disclosed in error messages when performing certain unspecified actions on the web server.

Please see the vendor advisory for a list of affected products.

SOLUTION: The vendor will reportedly address this issue in future versions.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200710-0145",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "interstage apworks",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "9.0a"
      },
      {
        "model": "interstage apworks",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "8.01"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "8.0.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "8.0.3"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "7.0.1"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "7.0 to  9.0.0"
      },
      {
        "model": "interstage apworks",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "7.0 to  9.0.0"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "7.0 to  9.0.0"
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage apworks standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage apworks modelers-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage apworks enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage application server standard-j edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.3"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage application server plus developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0.1"
      },
      {
        "model": "interstage application server plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server enterprise edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.3"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0.1"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:plus:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.3:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_apworks:8.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_apworks:8.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:8.01:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:plus_developer:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.3:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:8.01:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:9.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.1:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0a:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:9.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:plus:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.1:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0a:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_apworks:7.0:*:modelers_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor disclosed this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "25988"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2007-5366",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2007-5366",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-5366",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200710-199",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. Interstage Application Server is prone to a path-disclosure vulnerability. \nExploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,700 different Windows applications. \n\nRequest your account, the Secunia Network Software Inspector (NSI):\nhttp://secunia.com/network_software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nInterstage Application Server Full Path Disclosure Weakness\n\nSECUNIA ADVISORY ID:\nSA27136\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/27136/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nExposure of system information\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nInterstage Application Server 7.x\nhttp://secunia.com/product/13692/\nInterstage Application Server 8.x\nhttp://secunia.com/product/13685/\nInterstage Application Server 9.x\nhttp://secunia.com/product/15986/\nInterstage Apworks 7.x\nhttp://secunia.com/product/13689/\nInterstage Apworks 8.x\nhttp://secunia.com/product/15987/\nInterstage Studio 8.x\nhttp://secunia.com/product/13690/\nInterstage Studio 9.x\nhttp://secunia.com/product/15610/\n\nDESCRIPTION:\nA weakness has been reported in Interstage Application Server, which\ncan be exploited by malicious people to disclose system information. \n\nThe weakness is caused due to the full web server path being\ndisclosed in error messages when performing certain unspecified\nactions on the web server. \n\nPlease see the vendor advisory for a list of affected products. \n\nSOLUTION:\nThe vendor will reportedly address this issue in future versions. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "db": "BID",
        "id": "25988"
      },
      {
        "db": "PACKETSTORM",
        "id": "59982"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-5366",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "25988",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "27136",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "41318",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "37026",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "59982",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "db": "PACKETSTORM",
        "id": "59982"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ]
  },
  "id": "VAR-200710-0145",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.15801565
  },
  "last_update_date": "2023-12-18T12:32:13.745000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Web Root Path Disclosure Vulnerability in Interstage Application Server. October 9th, 2007",
        "trust": 0.8,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/41318"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/27136"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/25988"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37026"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5366"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5366"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/37026"
      },
      {
        "trust": 0.3,
        "url": "http://www.fujitsu.com/global/services/software/interstage/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27136/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15986/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13692/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13689/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15610/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13690/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13685/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15987/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "db": "PACKETSTORM",
        "id": "59982"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "25988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "db": "PACKETSTORM",
        "id": "59982"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-10-09T00:00:00",
        "db": "BID",
        "id": "25988"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "date": "2007-10-11T02:52:18",
        "db": "PACKETSTORM",
        "id": "59982"
      },
      {
        "date": "2007-10-11T10:17:00",
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "date": "2007-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-07T17:35:00",
        "db": "BID",
        "id": "25988"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "date": "2017-07-29T01:33:37.803000",
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "date": "2007-10-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Fujitsu Interstage Vulnerabilities in which important information is obtained in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ],
    "trust": 0.6
  }
}

GHSA-WJ2J-X7Q5-2QCC

Vulnerability from github – Published: 2022-05-01 18:32 – Updated: 2022-05-01 18:32

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5366"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-11T10:17:00Z",
    "severity": "MODERATE"
  },
  "details": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.",
  "id": "GHSA-wj2j-x7q5-2qcc",
  "modified": "2022-05-01T18:32:41Z",
  "published": "2022-05-01T18:32:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5366"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37026"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/41318"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27136"
    },
    {
      "type": "WEB",
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25988"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2007-5366

Vulnerability from fkie_nvd - Published: 2007-10-11 10:17 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/41318
cve@mitre.org	http://secunia.com/advisories/27136	Vendor Advisory
cve@mitre.org	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html
cve@mitre.org	http://www.securityfocus.com/bid/25988
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/37026
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/41318
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/27136	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/25988
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/37026

Impacted products

Vendor	Product	Version
fujitsu	interstage_application_server	7.0
fujitsu	interstage_application_server	7.0
fujitsu	interstage_application_server	7.0
fujitsu	interstage_application_server	7.0.1
fujitsu	interstage_application_server	7.0.1
fujitsu	interstage_application_server	8.0.0
fujitsu	interstage_application_server	8.0.0
fujitsu	interstage_application_server	8.0.1
fujitsu	interstage_application_server	8.0.1
fujitsu	interstage_application_server	8.0.2
fujitsu	interstage_application_server	8.0.2
fujitsu	interstage_application_server	8.0.3
fujitsu	interstage_application_server	8.0.3
fujitsu	interstage_application_server	9.0
fujitsu	interstage_application_server	9.0
fujitsu	interstage_application_server	9.0a
fujitsu	interstage_application_server	9.0a
fujitsu	interstage_apworks	7.0
fujitsu	interstage_apworks	8.0
fujitsu	interstage_apworks	8.0
fujitsu	interstage_studio	8.01
fujitsu	interstage_studio	8.01
fujitsu	interstage_studio	9.0
fujitsu	interstage_studio	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "99AC7276-3FF3-42D0-AA5A-E807C916E1AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:plus:*:*:*:*:*",
              "matchCriteriaId": "CEEEE36C-E14C-4D0F-B382-0903D104E578",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:plus_developer:*:*:*:*:*",
              "matchCriteriaId": "C23324B8-E010-4E21-ADEF-58FC0A0D2BFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "390FBC71-1CF2-4D05-9931-9F4E7ED9C096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:plus:*:*:*:*:*",
              "matchCriteriaId": "BDD9380C-8224-44C5-9688-F3134A6A0C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "E7F2EDBD-8799-4EAF-9925-3C07FAEEBE77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:standard_j:*:*:*:*:*",
              "matchCriteriaId": "AA6ED703-53F9-4536-8E1D-46C30E547B06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.1:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "68B3EF82-0491-41D1-AB3F-FED1012F3BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.1:*:standard_j:*:*:*:*:*",
              "matchCriteriaId": "DA20FDEB-40D5-4F73-B365-AD025C7348DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "BCD4B39A-E25A-4F9F-8D8F-D0990DFC9DF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:standard_j:*:*:*:*:*",
              "matchCriteriaId": "28BB7A8E-8AC3-4FC3-8668-067124DF4091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.3:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "413AB29F-2B9D-409B-A24B-2660347317EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.3:*:standard_j:*:*:*:*:*",
              "matchCriteriaId": "90E8DFDD-8909-4317-B87A-768013BECB7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:9.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "63C58135-5452-47A0-BB14-BC5A3B14B043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:9.0:*:standard_j:*:*:*:*:*",
              "matchCriteriaId": "CE82AE4E-4E65-437B-B367-A6905400D372",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:9.0a:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "B435EA8E-21BE-491B-81E6-7A02DBE9A5DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_application_server:9.0a:*:standard_j:*:*:*:*:*",
              "matchCriteriaId": "93B3414A-9521-43C4-87EC-151FF3567203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_apworks:7.0:*:modelers_j:*:*:*:*:*",
              "matchCriteriaId": "5CD7B921-18CA-47B7-B020-9B3371485007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_apworks:8.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "D9D08EBC-EAB5-4D2F-9B62-BA96D9B25EB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_apworks:8.0:*:standard_j:*:*:*:*:*",
              "matchCriteriaId": "E44622B8-0EFE-4A80-BB0D-0D2646D067AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_studio:8.01:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "6D12EF8C-FEAB-4666-8F7E-49CAD77933B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_studio:8.01:*:standard_j:*:*:*:*:*",
              "matchCriteriaId": "3605D6E6-2C4D-4837-9587-C12645022582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_studio:9.0:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "DB3CDB47-DF42-4988-A7A3-1908FC36017D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fujitsu:interstage_studio:9.0:*:standard_j:*:*:*:*:*",
              "matchCriteriaId": "763121B4-8990-4876-B0DC-D7F75A1300A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option."
    },
    {
      "lang": "es",
      "value": "El Tomcat 4.1-based Servlet Service en Fujitsu Interstage Application Server 7.0 hasta la 9.0.0 y Interstage Apworks/Studio 7.0 hasta la 9.0.0 permite a atacantes remotos obtener informaci\u00f3n sensible (ruta del ra\u00edz web) a trav\u00e9s de vectores no especificados que disparan un mensaje de error, probablemente relacionado con el permiso de la opci\u00f3n useCanonCaches Java Virtual Machine (JVM)."
    }
  ],
  "id": "CVE-2007-5366",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-10-11T10:17:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/41318"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27136"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/25988"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/41318"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/27136"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25988"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37026"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2007-5366

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-5366

Aliases

CVE-2007-5366

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5366",
    "description": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.",
    "id": "GSD-2007-5366"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5366"
      ],
      "details": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.",
      "id": "GSD-2007-5366",
      "modified": "2023-12-13T01:21:41.041628Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5366",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "27136",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27136"
          },
          {
            "name": "interstage-servlet-path-disclosure(37026)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37026"
          },
          {
            "name": "41318",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/41318"
          },
          {
            "name": "25988",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25988"
          },
          {
            "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html",
            "refsource": "CONFIRM",
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:plus:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.3:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_apworks:8.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_apworks:8.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:8.01:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:plus_developer:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.3:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:8.01:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:9.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.1:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0a:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:9.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:plus:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.1:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0a:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_apworks:7.0:*:modelers_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5366"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
            },
            {
              "name": "25988",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25988"
            },
            {
              "name": "27136",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27136"
            },
            {
              "name": "41318",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/41318"
            },
            {
              "name": "interstage-servlet-path-disclosure(37026)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37026"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:33Z",
      "publishedDate": "2007-10-11T10:17Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-5366 (GCVE-0-2007-5366)

VAR-200710-0145

GHSA-WJ2J-X7Q5-2QCC

FKIE_CVE-2007-5366

GSD-2007-5366

Tags

Sightings

Nomenclature