CVE-2008-1040

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2008-1040
Buffer overflow in the Single Sign-On function in Fujitsu Interstage Application Server 8.0.0 through 8.0.3 and 9.0.0, Interstage Studio 8.0.1 and 9.0.0, and Interstage Apworks 8.0.0 allows remote attackers to execute arbitrary code via a long URI.

10.0 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200804e.html
http://www.securityfocus.com/bid/27966
http://secunia.com/advisories/29088 Vendor Advisory
http://www.vupen.com/english/advisories/2008/0662
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.0:*:rehl_as4_x86:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.2:*:solaris:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.2:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:rhel5_intel64:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:rhel5_ipf:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.0:*:rhel_as4_em64t:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.0:*:rhel_as4_x86:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.3:*:rhel_as4_em64t:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.3:*:rhel_as4_x86:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:rhel5_x86:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:solaris:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.0:*:solaris:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0a:*:rhel_as4_ipf:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.2:*:rhel_as4_em64t:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.3:*:rhel_as4_x86:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_studio_standard_j:8.0.1:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.3:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:rhel_as4_em64t:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:rhel5_x86:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0a:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.0:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.3:*:solaris:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.0:*:rhel_as4_em64t:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:solaris:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.3:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.3:*:solaris:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.0:*:solaris:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_studio_standard_j:v9.0.0:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.1:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.3:*:rhel_as4_em64t:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.0:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.2:*:rhel_as4_x86:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:rhel_as4_x86:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.2:*:rhel_as4_x86:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_studio_enterprise:8.0.1:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:rhel_as4_em64t:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_apworks_standard_j:8.0.0:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0a:*:rhel5_ipf:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:rhel_as4_ipf:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:rhel5_intel64:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_studio_enterprise:v9.0.0:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:rhel_as4_x86:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:v9.0.0.0:*:rhel5_ipf:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0:*:rhel_as4_ipf:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_apworks_enterprise:8.0.0:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.2:*:solaris:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_standard_j:8.0.2:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:v9.0.0a:*:windows:*:*:*:*:*
cpe:2.3:a:fujitsu:interstage_application_server_enterprise:8.0.2:*:rhel_as4_em64t:*:*:*:*:*
Information

Published : 2008-02-27 11:44

Updated : 2011-03-07 19:05

NVD link : CVE-2008-1040

Mitre link : CVE-2008-1040

JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa
Products Affected

fujitsu

  • interstage_studio_enterprise
  • interstage_application_server_standard_j
  • interstage_apworks_enterprise
  • interstage_application_server_enterprise
  • interstage_studio_standard_j
  • interstage_apworks_standard_j