CVE-2007-5366: Path Traversal
First published: Thu Oct 11 2007(Updated: )
The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Fujitsu Interstage Application Server | =8.0.2 | |
| Fujitsu Interstage Application Server | =8.0.2 | |
| Fujitsu Interstage Application Server | =8.0.3 | |
| Fujitsu Interstage Application Server | =9.0a | |
| Fujitsu Interstage Application Server | =8.0.0 | |
| Fujitsu Interstage Application Server | =8.0.1 | |
| Fujitsu Interstage apworks | =7.0 | |
| Fujitsu Interstage Studio standard j | =8.01 | |
| Fujitsu Interstage Studio standard j | =9.0 | |
| Fujitsu Interstage Application Server | =7.0 | |
| Fujitsu Interstage Application Server | =7.0.1 | |
| Fujitsu Interstage Studio standard j | =9.0 | |
| Fujitsu Interstage Application Server | =9.0 | |
| Fujitsu Interstage Application Server | =7.0 | |
| Fujitsu Interstage Application Server | =9.0a | |
| Fujitsu Interstage Application Server | =7.0 | |
| Fujitsu Interstage Application Server | =9.0 | |
| Fujitsu Interstage apworks | =8.0 | |
| Fujitsu Interstage Application Server | =8.0.3 | |
| Fujitsu Interstage apworks | =8.0 | |
| Fujitsu Interstage Studio standard j | =8.01 | |
| Fujitsu Interstage Application Server | =7.0.1 | |
| Fujitsu Interstage Application Server | =8.0.1 | |
| Fujitsu Interstage Application Server | =8.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2007-5366?
CVE-2007-5366 has a medium severity rating due to the potential exposure of sensitive web root path information.
How do I fix CVE-2007-5366?
To fix CVE-2007-5366, you should update the Fujitsu Interstage Application Server and associated products to the latest version provided by Fujitsu.
What systems are affected by CVE-2007-5366?
CVE-2007-5366 affects Fujitsu Interstage Application Server versions 7.0 to 9.0.0 and Interstage Apworks/Studio versions 7.0 to 9.0.0.
What kind of attack can exploit CVE-2007-5366?
An attacker can exploit CVE-2007-5366 to gain unauthorized access to sensitive information through error messages.
Is a workaround available for CVE-2007-5366?
There are no specific workarounds documented for CVE-2007-5366, so applying the vendor-supplied updates is recommended.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/fujitsu
- canonical/fujitsu interstage application server
- version/fujitsu interstage application server/8.0.2
- version/fujitsu interstage application server/8.0.3
- version/fujitsu interstage application server/9.0a
- version/fujitsu interstage application server/8.0.0
- version/fujitsu interstage application server/8.0.1
- canonical/fujitsu interstage apworks
- version/fujitsu interstage apworks/7.0
- canonical/fujitsu interstage studio standard j
- version/fujitsu interstage studio standard j/8.01
- version/fujitsu interstage studio standard j/9.0
- version/fujitsu interstage application server/7.0
- version/fujitsu interstage application server/7.0.1
- version/fujitsu interstage application server/9.0
- version/fujitsu interstage apworks/8.0