The TERASOLUNA Server Framework for Java(WEB) provided by NTT Data Corporation is a software framework for creating web applications. The TERASOLUNA Server Framework for Java(WEB) has a function to restrict access to contents with specified file extentions from browser requests. This function may be bypassed when a specially crafted path is received.
Effects vary depending on the web application. For example, a remote attacker may obtain information on the server where the product resides.
Apply the update module
The developer has released an update module (PI-SJW-261-1) for TERASOLUNA Server Framework for Java(WEB) versions 184.108.40.206 through 220.127.116.11.
Apply the update module according to the information provided by the developer.
## Products Affected