CVE-2007-1504

Опубликовано: 19 мар. 2007

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the Servlet Service in Fujitsu Interstage Application Server (IJServer) 8.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving web.xml and HTTP 404 and 500 status codes.

Ссылки

http://jvn.jp/jp/JVN%2383832818/index.html
Third Party Advisory
VDB Entry
http://osvdb.org/34276
Broken Link
http://secunia.com/advisories/24508
Vendor Advisory
http://software.fujitsu.com/jp/security/vulnerabilities/jvn-83832818.html
Vendor Advisory
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200701e.html
Vendor Advisory
http://www.securityfocus.com/bid/23020
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/0996
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33099
VDB Entry
http://jvn.jp/jp/JVN%2383832818/index.html
Third Party Advisory
VDB Entry
http://osvdb.org/34276
Broken Link
http://secunia.com/advisories/24508
Vendor Advisory
http://software.fujitsu.com/jp/security/vulnerabilities/jvn-83832818.html
Vendor Advisory
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200701e.html
Vendor Advisory
http://www.securityfocus.com/bid/23020
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2007/0996
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/33099
VDB Entry

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:fujitsu:interstage_application_server:3.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:3.0:*:*:*:standard:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:4.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:4.0:*:*:*:standard:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:4.0:*:*:*:web_j:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:5.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:5.0:*:*:*:standard:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:5.0:*:*:*:web_j:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:5.0.1:*:*:*:enterprise:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:6.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:*:*:plus:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:7.0:*:*:*:standard:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:*:*:enterprise:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:7.0.1:*:*:*:plus:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:8.0.0:*:*:*:standard_j:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:*:*:enterprise:*:*:*

cpe:2.3:a:fujitsu:interstage_application_server:8.0.2:*:*:*:standard_j:*:*:*

cpe:2.3:a:fujitsu:interstage_apworks:6.0:*:*:ja:*:*:*:*

EPSS

Процентиль: 74%

0.00828

Низкий

4.3 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-cm8v-4hg4-h2rc

github

почти 4 года назад