Lucene search

[email protected]CVE-2008-1040

HistoryFeb 27, 2008 - 7:44 p.m.

CVE-2008-1040

2008-02-2719:44:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-1040

fujitsu

interstage

app server

buffer overflow

remote code execution

nvd

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI.

Affected configurations

NVD

Node

fujitsuinterstage_application_server_enterpriseMatch8.0.0rehl_as4_x86

fujitsuinterstage_application_server_enterpriseMatch8.0.0rhel_as4_em64t

fujitsuinterstage_application_server_enterpriseMatch8.0.0solaris

fujitsuinterstage_application_server_enterpriseMatch8.0.0windows

fujitsuinterstage_application_server_enterpriseMatch8.0.1windows

fujitsuinterstage_application_server_enterpriseMatch8.0.2rhel_as4_em64t

fujitsuinterstage_application_server_enterpriseMatch8.0.2rhel_as4_x86

fujitsuinterstage_application_server_enterpriseMatch8.0.2solaris

fujitsuinterstage_application_server_enterpriseMatch8.0.2windows

fujitsuinterstage_application_server_enterpriseMatch8.0.3rhel_as4_em64t

fujitsuinterstage_application_server_enterpriseMatch8.0.3rhel_as4_x86

fujitsuinterstage_application_server_enterpriseMatch8.0.3solaris

fujitsuinterstage_application_server_enterpriseMatch8.0.3windows

fujitsuinterstage_application_server_enterpriseMatchv9.0.0rhel_as4_em64t

fujitsuinterstage_application_server_enterpriseMatchv9.0.0rhel_as4_ipf

fujitsuinterstage_application_server_enterpriseMatchv9.0.0rhel_as4_x86

fujitsuinterstage_application_server_enterpriseMatchv9.0.0rhel5_intel64

fujitsuinterstage_application_server_enterpriseMatchv9.0.0rhel5_ipf

fujitsuinterstage_application_server_enterpriseMatchv9.0.0rhel5_x86

fujitsuinterstage_application_server_enterpriseMatchv9.0.0solaris

fujitsuinterstage_application_server_enterpriseMatchv9.0.0windows

fujitsuinterstage_application_server_enterpriseMatchv9.0.0arhel_as4_ipf

fujitsuinterstage_application_server_enterpriseMatchv9.0.0arhel5_ipf

fujitsuinterstage_application_server_enterpriseMatchv9.0.0awindows

fujitsuinterstage_application_server_standard_jMatch8.0.0rhel_as4_em64t

fujitsuinterstage_application_server_standard_jMatch8.0.0rhel_as4_x86

fujitsuinterstage_application_server_standard_jMatch8.0.0solaris

fujitsuinterstage_application_server_standard_jMatch8.0.0windows

fujitsuinterstage_application_server_standard_jMatch8.0.2rhel_as4_em64t

fujitsuinterstage_application_server_standard_jMatch8.0.2rhel_as4_x86

fujitsuinterstage_application_server_standard_jMatch8.0.2solaris

fujitsuinterstage_application_server_standard_jMatch8.0.2windows

fujitsuinterstage_application_server_standard_jMatch8.0.3rhel_as4_em64t

fujitsuinterstage_application_server_standard_jMatch8.0.3rhel_as4_x86

fujitsuinterstage_application_server_standard_jMatch8.0.3solaris

fujitsuinterstage_application_server_standard_jMatch8.0.3windows

fujitsuinterstage_application_server_standard_jMatchv9.0.0.0rhel_as4_em64t

fujitsuinterstage_application_server_standard_jMatchv9.0.0.0rhel_as4_ipf

fujitsuinterstage_application_server_standard_jMatchv9.0.0.0rhel_as4_x86

fujitsuinterstage_application_server_standard_jMatchv9.0.0.0rhel5_intel64

fujitsuinterstage_application_server_standard_jMatchv9.0.0.0rhel5_ipf

fujitsuinterstage_application_server_standard_jMatchv9.0.0.0rhel5_x86

fujitsuinterstage_application_server_standard_jMatchv9.0.0.0solaris

fujitsuinterstage_application_server_standard_jMatchv9.0.0.0windows

fujitsuinterstage_application_server_standard_jMatchv9.0.0awindows

fujitsuinterstage_apworks_enterpriseMatch8.0.0windows

fujitsuinterstage_apworks_standard_jMatch8.0.0windows

fujitsuinterstage_studio_enterpriseMatch8.0.1windows

fujitsuinterstage_studio_enterpriseMatchv9.0.0windows

fujitsuinterstage_studio_standard_jMatch8.0.1windows

fujitsuinterstage_studio_standard_jMatchv9.0.0windows

CPENameOperatorVersion
fujitsu:interstage_application_server_enterprisefujitsu interstage application server enterpriseeq8.0.0
fujitsu:interstage_application_server_enterprisefujitsu interstage application server enterpriseeq8.0.1
fujitsu:interstage_application_server_enterprisefujitsu interstage application server enterpriseeq8.0.2
fujitsu:interstage_application_server_enterprisefujitsu interstage application server enterpriseeq8.0.3
fujitsu:interstage_application_server_enterprisefujitsu interstage application server enterpriseeqv9.0.0
fujitsu:interstage_application_server_enterprisefujitsu interstage application server enterpriseeqv9.0.0a
fujitsu:interstage_application_server_standard_jfujitsu interstage application server standard jeq8.0.0
fujitsu:interstage_application_server_standard_jfujitsu interstage application server standard jeq8.0.2
fujitsu:interstage_application_server_standard_jfujitsu interstage application server standard jeq8.0.3
fujitsu:interstage_application_server_standard_jfujitsu interstage application server standard jeqv9.0.0.0

CPE	Name	Operator	Version
fujitsu:interstage_application_server_enterprise	fujitsu interstage application server enterprise	eq	8.0.0
fujitsu:interstage_application_server_enterprise	fujitsu interstage application server enterprise	eq	8.0.1
fujitsu:interstage_application_server_enterprise	fujitsu interstage application server enterprise	eq	8.0.2
fujitsu:interstage_application_server_enterprise	fujitsu interstage application server enterprise	eq	8.0.3
fujitsu:interstage_application_server_enterprise	fujitsu interstage application server enterprise	eq	v9.0.0
fujitsu:interstage_application_server_enterprise	fujitsu interstage application server enterprise	eq	v9.0.0a
fujitsu:interstage_application_server_standard_j	fujitsu interstage application server standard j	eq	8.0.0
fujitsu:interstage_application_server_standard_j	fujitsu interstage application server standard j	eq	8.0.2
fujitsu:interstage_application_server_standard_j	fujitsu interstage application server standard j	eq	8.0.3
fujitsu:interstage_application_server_standard_j	fujitsu interstage application server standard j	eq	v9.0.0.0

Rows per page:

1-10 of 171

References

secunia.com/advisories/29088

www.fujitsu.com/global/support/software/security/products-f/interstage-200804e.html

www.securityfocus.com/bid/27966

www.vupen.com/english/advisories/2008/0662

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

High

0.036 Low

EPSS

Percentile

91.7%

JSON

Related for CVE-2008-1040

cvelist1 prion1 nvd1