JVN#74659077: TERASOLUNA Server Framework for Java(WEB) access restriction bypass vulnerability in the file extention filter

2016-06-07T00:00:00
ID JVN:74659077
Type jvn
Reporter Japan Vulnerability Notes
Modified 2016-06-08T00:00:00

Description

## Description

The TERASOLUNA Server Framework for Java(WEB) provided by NTT Data Corporation is a software framework for creating web applications. The TERASOLUNA Server Framework for Java(WEB) has a function to restrict access to contents with specified file extentions from browser requests. This function may be bypassed when a specially crafted path is received.

## Impact

Effects vary depending on the web application. For example, a remote attacker may obtain information on the server where the product resides.

## Solution

Apply the update module
The developer has released an update module (PI-SJW-261-1) for TERASOLUNA Server Framework for Java(WEB) versions 2.0.0.1 through 2.0.6.1.
Apply the update module according to the information provided by the developer.

## Products Affected

  • TERASOLUNA Server Framework for Java(WEB) versions 2.0.0.1 through 2.0.6.1