var-200802-0286
Vulnerability from variot
Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI. Fujitsu Interstage Application Server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the affected application. Failed attacks will likely cause denial-of-service conditions. This issue affects the following applications: Interstage Application Server Enterprise Edition 8.0.0, 8.0.1, 8.0.2, 8.0.3, 9.0.0, and 9.0.0A Interstage Application Server Standard-J Edition 8.0.0, 8.0.1, 8.0.2, 8.0.3, 9.0.0, and 9.0.0A Interstage Apworks Enterprise Edition 8.0.0 Interstage Apworks Standard-J Edition 8.0.0 Interstage Studio Enterprise Edition 8.0.1 and 9.0.0 Interstage Studio Standard-J Edition 8.0.1 and 9.0.0.
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: Interstage Application Server Single Sign-On Buffer Overflow
SECUNIA ADVISORY ID: SA29088
VERIFY ADVISORY: http://secunia.com/advisories/29088/
CRITICAL: Highly critical
IMPACT: DoS, System access
WHERE:
From remote
SOFTWARE: Interstage Application Server 8.x http://secunia.com/product/13685/ Interstage Application Server 9.x http://secunia.com/product/15986/
DESCRIPTION: A vulnerability has been reported in Interstage Application Server, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.
The vulnerability is caused due to a boundary error within the Single Sign-on function. This can be exploited to cause a buffer overflow by sending a specially crafted request to the server.
Successful exploitation allows execution of arbitrary code.
Please see the vendor advisory for a list of affected products.
SOLUTION: Please see the vendor advisory for a workaround.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.fujitsu.com/global/support/software/security/products-f/interstage-200804e.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200802-0286", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.6, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.6, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.6, "vendor": "fujitsu", "version": "v9.0.0a" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.6, "vendor": "fujitsu", "version": "v9.0.0" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.6, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage apworks standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage application server standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage studio standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v9.0.0" }, { "model": "interstage application server standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v9.0.0a" }, { "model": "interstage application server enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.3" }, { "model": "interstage application server standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.3" }, { "model": "interstage application server standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v9.0.0.0" }, { "model": "interstage apworks enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.0" }, { "model": "interstage studio enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio enterprise", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "v9.0.0" }, { "model": "interstage application server standard j", "scope": "eq", "trust": 1.0, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage apworks", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage business application server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage job workload server", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio", "scope": null, "trust": 0.8, "vendor": "fujitsu", "version": null }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage studio enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage apworks standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage apworks enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server standard-j edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.3" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server standard-j edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" }, { "model": "interstage application server enterprise edition a", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "9.0" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.3" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.2" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0.1" }, { "model": "interstage application server enterprise edition", "scope": "eq", "trust": 0.3, "vendor": "fujitsu", "version": "8.0" } ], "sources": [ { "db": "BID", "id": "27966" }, { "db": "JVNDB", "id": "JVNDB-2008-001575" }, { "db": "NVD", "id": "CVE-2008-1040" }, { "db": "CNNVD", "id": "CNNVD-200802-474" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.0:*:rehl_as4_x86:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.2:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.2:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:rhel5_intel64:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:rhel5_ipf:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.0:*:rhel_as4_em64t:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.0:*:rhel_as4_x86:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.3:*:rhel_as4_em64t:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.3:*:rhel_as4_x86:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:rhel5_x86:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio_standard_j:8.0.1:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio_standard_j:v9.0.0:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.0:*:rhel_as4_em64t:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.0:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.3:*:rhel_as4_em64t:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.3:*:rhel_as4_x86:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:rhel5_x86:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.0:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.0:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.3:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.3:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0a:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.0:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.1:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.3:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.3:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:rhel_as4_em64t:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0a:*:rhel_as4_ipf:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.2:*:rhel_as4_em64t:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.2:*:rhel_as4_x86:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:rhel_as4_em64t:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:rhel_as4_ipf:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:rhel_as4_x86:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_apworks_enterprise:8.0.0:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_apworks_standard_j:8.0.0:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.2:*:rhel_as4_em64t:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.2:*:rhel_as4_x86:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:rhel_as4_ipf:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:rhel_as4_x86:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0a:*:rhel5_ipf:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0a:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.2:*:solaris:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.2:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:rhel5_intel64:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:rhel5_ipf:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio_enterprise:8.0.1:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:fujitsu:interstage_studio_enterprise:v9.0.0:*:windows:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2008-1040" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The vendor disclosed this issue.", "sources": [ { "db": "BID", "id": "27966" }, { "db": "CNNVD", "id": "CNNVD-200802-474" } ], "trust": 0.9 }, "cve": "CVE-2008-1040", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 10.0, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2008-1040", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2008-1040", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-200802-474", "trust": 0.6, "value": "CRITICAL" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001575" }, { "db": "NVD", "id": "CVE-2008-1040" }, { "db": "CNNVD", "id": "CNNVD-200802-474" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI. Fujitsu Interstage Application Server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. \nAttackers may leverage this issue to execute arbitrary code in the context of the affected application. Failed attacks will likely cause denial-of-service conditions. \nThis issue affects the following applications:\nInterstage Application Server Enterprise Edition 8.0.0, 8.0.1, 8.0.2, 8.0.3, 9.0.0, and 9.0.0A\nInterstage Application Server Standard-J Edition 8.0.0, 8.0.1, 8.0.2, 8.0.3, 9.0.0, and 9.0.0A\nInterstage Apworks Enterprise Edition 8.0.0\nInterstage Apworks Standard-J Edition 8.0.0\nInterstage Studio Enterprise Edition 8.0.1 and 9.0.0\nInterstage Studio Standard-J Edition 8.0.1 and 9.0.0. \n\n----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nInterstage Application Server Single Sign-On Buffer Overflow\n\nSECUNIA ADVISORY ID:\nSA29088\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29088/\n\nCRITICAL:\nHighly critical\n\nIMPACT:\nDoS, System access\n\nWHERE:\n\u003eFrom remote\n\nSOFTWARE:\nInterstage Application Server 8.x\nhttp://secunia.com/product/13685/\nInterstage Application Server 9.x\nhttp://secunia.com/product/15986/\n\nDESCRIPTION:\nA vulnerability has been reported in Interstage Application Server,\nwhich can be exploited by malicious people to cause a DoS (Denial of\nService) or to compromise a vulnerable system. \n\nThe vulnerability is caused due to a boundary error within the Single\nSign-on function. This can be exploited to cause a buffer overflow by\nsending a specially crafted request to the server. \n\nSuccessful exploitation allows execution of arbitrary code. \n\nPlease see the vendor advisory for a list of affected products. \n\nSOLUTION:\nPlease see the vendor advisory for a workaround. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.fujitsu.com/global/support/software/security/products-f/interstage-200804e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2008-1040" }, { "db": "JVNDB", "id": "JVNDB-2008-001575" }, { "db": "BID", "id": "27966" }, { "db": "PACKETSTORM", "id": "64037" } ], "trust": 1.98 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2008-1040", "trust": 2.7 }, { "db": "BID", "id": "27966", "trust": 2.7 }, { "db": "SECUNIA", "id": "29088", "trust": 2.5 }, { "db": "JVNDB", "id": "JVNDB-2008-001575", "trust": 1.6 }, { "db": "VUPEN", "id": "ADV-2008-0662", "trust": 1.6 }, { "db": "CNNVD", "id": "CNNVD-200802-474", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "64037", "trust": 0.1 } ], "sources": [ { "db": "BID", "id": "27966" }, { "db": "JVNDB", "id": "JVNDB-2008-001575" }, { "db": "PACKETSTORM", "id": "64037" }, { "db": "NVD", "id": "CVE-2008-1040" }, { "db": "CNNVD", "id": "CNNVD-200802-474" } ] }, "id": "VAR-200802-0286", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VARIoT devices database", "id": null } ], "trust": 0.16451614 }, "last_update_date": "2023-12-18T13:49:34.264000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "interstage_as_200804", "trust": 0.8, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200804e.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001575" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2008-001575" }, { "db": "NVD", "id": "CVE-2008-1040" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://secunia.com/advisories/29088" }, { "trust": 2.4, "url": "http://www.securityfocus.com/bid/27966" }, { "trust": 2.0, "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-200804e.html" }, { "trust": 1.4, "url": "http://www.frsirt.com/english/advisories/2008/0662" }, { "trust": 1.0, "url": "http://www.vupen.com/english/advisories/2008/0662" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1040" }, { "trust": 0.8, "url": "http://jvndb.jvn.jp/ja/contents/2008/jvndb-2008-001575.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1040" }, { "trust": 0.3, "url": "http://www.fujitsu.com/global/services/software/interstage/" }, { "trust": 0.1, "url": "http://secunia.com/secunia_security_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/15986/" }, { "trust": 0.1, "url": "https://psi.secunia.com/?page=changelog" }, { "trust": 0.1, "url": "https://psi.secunia.com/" }, { "trust": 0.1, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.1, "url": "http://secunia.com/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://secunia.com/product/13685/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/29088/" } ], "sources": [ { "db": "BID", "id": "27966" }, { "db": "JVNDB", "id": "JVNDB-2008-001575" }, { "db": "PACKETSTORM", "id": "64037" }, { "db": "NVD", "id": "CVE-2008-1040" }, { "db": "CNNVD", "id": "CNNVD-200802-474" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "BID", "id": "27966" }, { "db": "JVNDB", "id": "JVNDB-2008-001575" }, { "db": "PACKETSTORM", "id": "64037" }, { "db": "NVD", "id": "CVE-2008-1040" }, { "db": "CNNVD", "id": "CNNVD-200802-474" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2008-02-25T00:00:00", "db": "BID", "id": "27966" }, { "date": "2008-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001575" }, { "date": "2008-02-26T19:03:01", "db": "PACKETSTORM", "id": "64037" }, { "date": "2008-02-27T19:44:00", "db": "NVD", "id": "CVE-2008-1040" }, { "date": "2008-02-27T00:00:00", "db": "CNNVD", "id": "CNNVD-200802-474" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-05-07T17:32:00", "db": "BID", "id": "27966" }, { "date": "2008-09-03T00:00:00", "db": "JVNDB", "id": "JVNDB-2008-001575" }, { "date": "2011-03-08T03:05:50.703000", "db": "NVD", "id": "CVE-2008-1040" }, { "date": "2008-09-05T00:00:00", "db": "CNNVD", "id": "CNNVD-200802-474" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-200802-474" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Fujitsu Interstage Application Server Single Sign-On Buffer Overflow Vulnerability", "sources": [ { "db": "BID", "id": "27966" }, { "db": "JVNDB", "id": "JVNDB-2008-001575" } ], "trust": 1.1 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200802-474" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.