CVE-2007-5366
Summary
| CVE | CVE-2007-5366 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2007-10-11 10:17:00 UTC |
| Updated | 2026-04-23 00:35:47 UTC |
| Description | The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
LowAuthentication
NoneConfidentiality
PartialIntegrity
NoneAvailability
NoneAV:N/AC:L/Au:N/C:P/I:N/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Fujitsu | Interstage Application Server | 7.0 | All | enterprise | All |
| Application | Fujitsu | Interstage Application Server | 7.0 | All | plus | All |
| Application | Fujitsu | Interstage Application Server | 7.0 | All | plus_developer | All |
| Application | Fujitsu | Interstage Application Server | 7.0.1 | All | enterprise | All |
| Application | Fujitsu | Interstage Application Server | 7.0.1 | All | plus | All |
| Application | Fujitsu | Interstage Application Server | 8.0.0 | All | enterprise | All |
| Application | Fujitsu | Interstage Application Server | 8.0.0 | All | standard_j | All |
| Application | Fujitsu | Interstage Application Server | 8.0.1 | All | enterprise | All |
| Application | Fujitsu | Interstage Application Server | 8.0.1 | All | standard_j | All |
| Application | Fujitsu | Interstage Application Server | 8.0.2 | All | enterprise | All |
| Application | Fujitsu | Interstage Application Server | 8.0.2 | All | standard_j | All |
| Application | Fujitsu | Interstage Application Server | 8.0.3 | All | enterprise | All |
| Application | Fujitsu | Interstage Application Server | 8.0.3 | All | standard_j | All |
| Application | Fujitsu | Interstage Application Server | 9.0 | All | enterprise | All |
| Application | Fujitsu | Interstage Application Server | 9.0 | All | standard_j | All |
| Application | Fujitsu | Interstage Application Server | 9.0a | All | enterprise | All |
| Application | Fujitsu | Interstage Application Server | 9.0a | All | standard_j | All |
| Application | Fujitsu | Interstage Apworks | 7.0 | All | modelers_j | All |
| Application | Fujitsu | Interstage Apworks | 8.0 | All | enterprise | All |
| Application | Fujitsu | Interstage Apworks | 8.0 | All | standard_j | All |
| Application | Fujitsu | Interstage Studio | 8.01 | All | enterprise | All |
| Application | Fujitsu | Interstage Studio | 8.01 | All | standard_j | All |
| Application | Fujitsu | Interstage Studio | 9.0 | All | enterprise | All |
| Application | Fujitsu | Interstage Studio | 9.0 | All | standard_j | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Interstage Application Server Full Path Disclosure Weakness - Advisories - Secunia | af854a3a-2127-422b-91ae-364da2661108 | secunia.com | Vendor Advisory |
| Interstage Application Server Web Root Path Disclosure Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | |
| This page provides Security Information. : FUJITSU | af854a3a-2127-422b-91ae-364da2661108 | www.fujitsu.com | |
| osvdb.org/41318 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.