Japan Vulnerability NotesJVN:74659077JVN#74659077: TERASOLUNA Server Framework for Java(WEB) access restriction bypass vulnerability in the file extention filter
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
0.003 Low
EPSS
Percentile
65.3%
The TERASOLUNA Server Framework for Java(WEB) provided by NTT Data Corporation is a software framework for creating web applications. The TERASOLUNA Server Framework for Java(WEB) has a function to restrict access to contents with specified file extentions from browser requests. This function may be bypassed when a specially crafted path is received.
Impact
Effects vary depending on the web application. For example, a remote attacker may obtain information on the server where the product resides.
Solution
Apply the update module
The developer has released an update module (PI-SJW-261-1) for TERASOLUNA Server Framework for Java(WEB) versions 2.0.0.1 through 2.0.6.1.
Apply the update module according to the information provided by the developer.
Products Affected
- TERASOLUNA Server Framework for Java(WEB) versions 2.0.0.1 through 2.0.6.1
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
3.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
0.003 Low
EPSS
Percentile
65.3%