Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5366

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-5366
Last Modified 15 Nov 2008 02:00:45
Published 11 Oct 2007 06:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-5366

Summary

The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.

Vulnerable Systems

Application

  • Fujitsu Interstage Application Server 7.0

  • Fujitsu Interstage Application Server 7.0.1

  • Fujitsu Interstage Application Server 8.0.0

  • Fujitsu Interstage Application Server 8.0.1

  • Fujitsu Interstage Application Server 8.0.2

  • Fujitsu Interstage Application Server 8.0.3

  • Fujitsu Interstage Application Server 9.0

  • Fujitsu Interstage Application Server 9.0a

  • Fujitsu Interstage Apworks 7.0

  • Fujitsu Interstage Apworks 8.0

  • Fujitsu Interstage Studio 8.01

  • Fujitsu Interstage Studio 9.0


References

BID - 25988

CONFIRM - http://www.fujitsu.com/global/support/software/security/products-f/interstage-200705e.html

SECUNIA - 27136

OSVDB - 41318

XF - interstage-servlet-path-disclosure(37026)


Last Updated: 27 May 2016 10:46:09