CVE-2016-1183

Опубликовано: 19 июн. 2016

Источник: nvd

CVSS3: 3.7

CVSS2: 4.3

EPSS Низкий

Описание

NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname.

Ссылки

http://jvn.jp/en/jp/JVN74659077/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000098
Vendor Advisory
http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2016/index.html#CVE-2016-1183
Vendor Advisory
http://jvn.jp/en/jp/JVN74659077/index.html
Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2016-000098
Vendor Advisory
http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2016/index.html#CVE-2016-1183
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.0.1:*:*:*:*:*:*:*

cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.0.2:*:*:*:*:*:*:*

cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.5.1:*:*:*:*:*:*:*

cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.5.2:*:*:*:*:*:*:*

cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.5.3:*:*:*:*:*:*:*

cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.6.1:*:*:*:*:*:*:*

EPSS

Процентиль: 37%

0.00159

Низкий

3.7 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-wqhc-f3rv-rqh8