Japan Vulnerability NotesJVN:13566542JVN#13566542: Cybozu Remote Service Manager vulnerable to denial-of-service (DoS)
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.006 Low
EPSS
Percentile
79.2%
Remote Service Manager provided by Cybozu, Inc. is a software to access internal systems such as Cybozu products via “Cybozu Remote Service”. Remote Service Manager contains a denial-of-service (DoS) vulnerability.
Note that this vulnerability was caused due to an incomplete fix of JVN#10319260.
Impact
An attacker may cause a denial-of-service (DoS) condition for a server that is running Remote Service Manager. As a result, “Cybozu Remote Service” may be disrupted.
Solution
For Remote Service Manager 3.1.2:
Change the settings
Change the settings file (server.xml), according to the instructions provided by the developer.
For Remote Service Manager 3.1.1 and earlier:
**Update the software and change the settings **Apply the update and change the settings file (server.xml), according to the instructions provided by the developer.
Products Affected
- Remote Service Manager 2.3.0 and earlier
- Remote Service Manager 3.1.2 and earlier
According to the developer, if server.xml of Tomcat is configured according to the developer’s instructions, Remote Service Manager 3.1.2 will not be affected.
Related
7.8 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.006 Low
EPSS
Percentile
79.2%