BID:25988

Interstage Application Server Web Root Path Disclosure Vulnerability

Info

Interstage Application Server Web Root Path Disclosure Vulnerability

Bugtraq ID:	25988
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-5366
Remote:	Yes
Local:	No
Published:	Oct 09 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	The vendor disclosed this issue.
Vulnerable:	Fujitsu INTERSTAGE Studio Standard-J Edition 9.0 Fujitsu INTERSTAGE Studio Standard-J Edition 8.0.1 Fujitsu INTERSTAGE Studio Enterprise Edition 9.0 Fujitsu INTERSTAGE Studio Enterprise Edition 8.0.1 Fujitsu INTERSTAGE Apworks Standard-J Edition 8.0 Fujitsu INTERSTAGE Apworks Modelers-J Edition 7.0 Fujitsu INTERSTAGE Apworks Enterprise Edition 8.0 Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0 A Fujitsu INTERSTAGE Application Server Standard-J Edition 9.0 Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.3 Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.2 Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0.1 Fujitsu INTERSTAGE Application Server Standard-J Edition 8.0 Fujitsu INTERSTAGE Application Server Plus Developer 7.0 Fujitsu Interstage Application Server Plus 7.0.1 Fujitsu Interstage Application Server Plus 7.0 Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0 A Fujitsu INTERSTAGE Application Server Enterprise Edition 9.0 Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.3 Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.2 Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0.1 Fujitsu INTERSTAGE Application Server Enterprise Edition 8.0 Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0.1 Fujitsu INTERSTAGE Application Server Enterprise Edition 7.0

Not Vulnerable:

Discussion

Interstage Application Server Web Root Path Disclosure Vulnerability

Interstage Application Server is prone to a path-disclosure vulnerability.

Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer.

Exploit / POC

Interstage Application Server Web Root Path Disclosure Vulnerability

Attackers can use a browser to exploit this issue.

Solution / Fix

Interstage Application Server Web Root Path Disclosure Vulnerability

Solution:
The vendor has released an advisory with instructions on how to eliminate this issue. Please see the references for information on applying fixes.

References

Interstage Application Server Web Root Path Disclosure Vulnerability

References:

The Interstage Suite Product Page (Fujitsu)
Web Root Path Disclosure Vulnerability in Interstage Application Server. October (Fujitsu)