CVE Vulnerabilities

CVE-2016-1183

Published: Jun 19, 2016 | Modified: Jun 23, 2016
CVSS 3.x
3.7
LOW
Source:
NVD
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu

NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname.

Affected Software

Name Vendor Start Version End Version
Terasoluna_server_framework_for_java_web Nttdata 2.0.2.0 2.0.2.0
Terasoluna_server_framework_for_java_web Nttdata 2.0.1.0 2.0.1.0
Terasoluna_server_framework_for_java_web Nttdata 2.0.6.1 2.0.6.1
Terasoluna_server_framework_for_java_web Nttdata 2.0.5.1 2.0.5.1
Terasoluna_server_framework_for_java_web Nttdata 2.0.5.3 2.0.5.3
Terasoluna_server_framework_for_java_web Nttdata 2.0.0.1 2.0.0.1
Terasoluna_server_framework_for_java_web Nttdata 2.0.0.2 2.0.0.2
Terasoluna_server_framework_for_java_web Nttdata 2.0.5.2 2.0.5.2

References