cvelistv5 - cve-2007-5366

URL	Tags
cve@mitre.org	http://osvdb.org/41318
cve@mitre.org	http://secunia.com/advisories/27136	Vendor Advisory
cve@mitre.org	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html
cve@mitre.org	http://www.securityfocus.com/bid/25988
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/37026

▼	Vendor	Product
	n/a	n/a

gsd-2007-5366

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.

Aliases

CVE-2007-5366

Aliases

CVE-2007-5366

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-5366",
    "description": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.",
    "id": "GSD-2007-5366"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-5366"
      ],
      "details": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.",
      "id": "GSD-2007-5366",
      "modified": "2023-12-13T01:21:41.041628Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-5366",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "27136",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/27136"
          },
          {
            "name": "interstage-servlet-path-disclosure(37026)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37026"
          },
          {
            "name": "41318",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/41318"
          },
          {
            "name": "25988",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/25988"
          },
          {
            "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html",
            "refsource": "CONFIRM",
            "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:plus:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.3:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_apworks:8.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_apworks:8.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:8.01:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:plus_developer:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.3:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:8.01:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:9.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.1:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0a:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:9.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:plus:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.1:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0a:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_apworks:7.0:*:modelers_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-5366"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-22"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
            },
            {
              "name": "25988",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/25988"
            },
            {
              "name": "27136",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/27136"
            },
            {
              "name": "41318",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/41318"
            },
            {
              "name": "interstage-servlet-path-disclosure(37026)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37026"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-29T01:33Z",
      "publishedDate": "2007-10-11T10:17Z"
    }
  }
}

var-200710-0145

Vulnerability from variot

The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. Interstage Application Server is prone to a path-disclosure vulnerability. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer.

Try a new way to discover vulnerabilities that ALREADY EXIST in your IT infrastructure.

The Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT vulnerabilities in more than 4,700 different Windows applications.

Request your account, the Secunia Network Software Inspector (NSI): http://secunia.com/network_software_inspector/

TITLE: Interstage Application Server Full Path Disclosure Weakness

SECUNIA ADVISORY ID: SA27136

VERIFY ADVISORY: http://secunia.com/advisories/27136/

CRITICAL: Not critical

IMPACT: Exposure of system information

WHERE:

From remote

SOFTWARE: Interstage Application Server 7.x http://secunia.com/product/13692/ Interstage Application Server 8.x http://secunia.com/product/13685/ Interstage Application Server 9.x http://secunia.com/product/15986/ Interstage Apworks 7.x http://secunia.com/product/13689/ Interstage Apworks 8.x http://secunia.com/product/15987/ Interstage Studio 8.x http://secunia.com/product/13690/ Interstage Studio 9.x http://secunia.com/product/15610/

DESCRIPTION: A weakness has been reported in Interstage Application Server, which can be exploited by malicious people to disclose system information.

The weakness is caused due to the full web server path being disclosed in error messages when performing certain unspecified actions on the web server.

Please see the vendor advisory for a list of affected products.

SOLUTION: The vendor will reportedly address this issue in future versions.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200710-0145",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "interstage apworks",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "9.0a"
      },
      {
        "model": "interstage apworks",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "fujitsu",
        "version": "8.01"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "8.0.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "8.0.3"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "7.0.1"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "7.0 to  9.0.0"
      },
      {
        "model": "interstage apworks",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "7.0 to  9.0.0"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "7.0 to  9.0.0"
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage studio standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage apworks standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage apworks modelers-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage apworks enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage application server standard-j edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.3"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage application server plus developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0.1"
      },
      {
        "model": "interstage application server plus",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      },
      {
        "model": "interstage application server enterprise edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.3"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "8.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0.1"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "7.0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:plus:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.3:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_apworks:8.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_apworks:8.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:8.01:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:plus_developer:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.3:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:8.01:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:9.0:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.1:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0a:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio:9.0:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:plus:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.1:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server:9.0a:*:standard_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_apworks:7.0:*:modelers_j:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor disclosed this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "25988"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2007-5366",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2007-5366",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-5366",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200710-199",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. Interstage Application Server is prone to a path-disclosure vulnerability. \nExploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer. \n\n----------------------------------------------------------------------\n\nTry a new way to discover vulnerabilities that ALREADY EXIST in your\nIT infrastructure. \n\nThe Secunia NSI enables you to INSPECT, DISCOVER, and DOCUMENT\nvulnerabilities in more than 4,700 different Windows applications. \n\nRequest your account, the Secunia Network Software Inspector (NSI):\nhttp://secunia.com/network_software_inspector/\n\n----------------------------------------------------------------------\n\nTITLE:\nInterstage Application Server Full Path Disclosure Weakness\n\nSECUNIA ADVISORY ID:\nSA27136\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/27136/\n\nCRITICAL:\nNot critical\n\nIMPACT:\nExposure of system information\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nInterstage Application Server 7.x\nhttp://secunia.com/product/13692/\nInterstage Application Server 8.x\nhttp://secunia.com/product/13685/\nInterstage Application Server 9.x\nhttp://secunia.com/product/15986/\nInterstage Apworks 7.x\nhttp://secunia.com/product/13689/\nInterstage Apworks 8.x\nhttp://secunia.com/product/15987/\nInterstage Studio 8.x\nhttp://secunia.com/product/13690/\nInterstage Studio 9.x\nhttp://secunia.com/product/15610/\n\nDESCRIPTION:\nA weakness has been reported in Interstage Application Server, which\ncan be exploited by malicious people to disclose system information. \n\nThe weakness is caused due to the full web server path being\ndisclosed in error messages when performing certain unspecified\nactions on the web server. \n\nPlease see the vendor advisory for a list of affected products. \n\nSOLUTION:\nThe vendor will reportedly address this issue in future versions. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "db": "BID",
        "id": "25988"
      },
      {
        "db": "PACKETSTORM",
        "id": "59982"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-5366",
        "trust": 2.7
      },
      {
        "db": "BID",
        "id": "25988",
        "trust": 1.9
      },
      {
        "db": "SECUNIA",
        "id": "27136",
        "trust": 1.7
      },
      {
        "db": "OSVDB",
        "id": "41318",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758",
        "trust": 0.8
      },
      {
        "db": "XF",
        "id": "37026",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "59982",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "db": "PACKETSTORM",
        "id": "59982"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ]
  },
  "id": "VAR-200710-0145",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.15801565
  },
  "last_update_date": "2023-12-18T12:32:13.745000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Web Root Path Disclosure Vulnerability in Interstage Application Server. October 9th, 2007",
        "trust": 0.8,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-22",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/41318"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/27136"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/25988"
      },
      {
        "trust": 1.0,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37026"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-5366"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-5366"
      },
      {
        "trust": 0.6,
        "url": "http://xforce.iss.net/xforce/xfdb/37026"
      },
      {
        "trust": 0.3,
        "url": "http://www.fujitsu.com/global/services/software/interstage/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/27136/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15986/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13692/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/network_software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13689/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15610/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13690/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13685/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/15987/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "25988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "db": "PACKETSTORM",
        "id": "59982"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "25988"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "db": "PACKETSTORM",
        "id": "59982"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-10-09T00:00:00",
        "db": "BID",
        "id": "25988"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "date": "2007-10-11T02:52:18",
        "db": "PACKETSTORM",
        "id": "59982"
      },
      {
        "date": "2007-10-11T10:17:00",
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "date": "2007-10-11T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-05-07T17:35:00",
        "db": "BID",
        "id": "25988"
      },
      {
        "date": "2012-06-26T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      },
      {
        "date": "2017-07-29T01:33:37.803000",
        "db": "NVD",
        "id": "CVE-2007-5366"
      },
      {
        "date": "2007-10-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "plural  Fujitsu Interstage Vulnerabilities in which important information is obtained in products",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-002758"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "path traversal",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200710-199"
      }
    ],
    "trust": 0.6
  }
}

ghsa-wj2j-x7q5-2qcc

Vulnerability from github

Published

2022-05-01 18:32

Modified

2022-05-01 18:32

Details

The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-5366"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-22"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-10-11T10:17:00Z",
    "severity": "MODERATE"
  },
  "details": "The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.",
  "id": "GHSA-wj2j-x7q5-2qcc",
  "modified": "2022-05-01T18:32:41Z",
  "published": "2022-05-01T18:32:41Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-5366"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/37026"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/41318"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/27136"
    },
    {
      "type": "WEB",
      "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/25988"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Action not permitted

cve-2007-5366

Vulnerability from cvelistv5

gsd-2007-5366

Vulnerability from gsd

var-200710-0145

Vulnerability from variot

ghsa-wj2j-x7q5-2qcc

Vulnerability from github

Tags