Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5810

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-5810
Last Modified 07 Mar 2011 10:15:13
Published 02 Jan 2009 01:11:09
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-5810

Summary

WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.

Vulnerable Systems

Application

  • Fujitsu-siemens Webtransactions 7.0

  • Fujitsu-siemens Webtransactions 7.1


References

SECUNIA - 33168

CONFIRM - http://bs2www.fujitsu-siemens.de/update/securitypatch.htm#english

XF - webtransactions-wbpublish-command-injection(47495)

VUPEN - ADV-2008-3462

SECTRACK - 1021475

BID - 32927

BUGTRAQ - 20081219 SEC Consult SA-20081219-0 :: Fujitsu-Siemens WebTransactionsremote command injection vulnerability

MISC - http://www.sec-consult.com/files/20081219-0_fujitsu-siemens_webta_cmdexec.txt

SREASON - 4856


Last Updated: 27 May 2016 10:48:56