Secunia Security Advisory - Some vulnerabilities and security issues have been reported in Interstage Application Server, which can be exploited by malicious people to conduct cross-site scripting attacks or bypass certain security restrictions.
c81d7337dfecf139044145c820ec8eb50193b2f2ad0bdd22d5c4c9e2444a43b3
----------------------------------------------------------------------
BETA test the new Secunia Personal Software Inspector!
The Secunia PSI detects installed software on your computer and
categorises it as either Insecure, End-of-Life, or Up-To-Date.
Effectively enabling you to focus your attention on software
installations where more secure versions are available from the
vendors.
Download the free PSI BETA from the Secunia website:
https://psi.secunia.com/
----------------------------------------------------------------------
TITLE:
Interstage Application Server Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA26660
VERIFY ADVISORY:
http://secunia.com/advisories/26660/
CRITICAL:
Less critical
IMPACT:
Security Bypass, Cross Site Scripting
WHERE:
>From remote
SOFTWARE:
Interstage Studio 8.x
http://secunia.com/product/13690/
Interstage Job Workload Server 8.x
http://secunia.com/product/13686/
Interstage Business Application Server 8.x
http://secunia.com/product/13687/
Interstage Apworks 7.x
http://secunia.com/product/13689/
Interstage Apworks 6.x
http://secunia.com/product/13688/
Interstage Application Server 8.x
http://secunia.com/product/13685/
Interstage Application Server 7.x
http://secunia.com/product/13692/
Interstage Application Server 6.x
http://secunia.com/product/13693/
Interstage Studio 9.x
http://secunia.com/product/15610/
DESCRIPTION:
Some vulnerabilities and security issues have been reported in
Interstage Application Server, which can be exploited by malicious
people to conduct cross-site scripting attacks or bypass certain
security restrictions.
1) A vulnerability exists in the Tomcat Servlet Service when
processing multiple content-length headers. This can be exploited to
execute arbitrary HTML and script code in a user's browser session in
context of an affected site.
2) A security issue in the Tomcat Servlet Service can be exploited to
bypass access restrictions imposed on web applications.
For more information:
SA24732
3) Input passed via the "Accept-Language" header to the Tomcat
Servlet Service is not properly sanitised before being returned to
the user. This can be exploited to conduct cross-site scripting
attacks.
For more information:
SA25721
Please see the vendor advisories for a list of affected products.
SOLUTION:
The vendor is working on patches. Please contact a Fujitsu system
engineer.
Filter malicious characters and character sequences in a web proxy.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
1)
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200703e.html
2)
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200702e.html
3)
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200704e.html
OTHER REFERENCES:
SA24732:
http://secunia.com/advisories/24732/
SA25721:
http://secunia.com/advisories/25721/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed