← Back

CVE-2007-5366

nvd nist
Published: Oct 11, 2007Modified: Apr 23, 2026

JSON object

Loading...
5.0
Vector
AV:N/AC:L/Au:N/C:P/I:N/A:N
Exploitability: 10.0 / Impact: 2.9
Source: NVD

Description

The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.

Affected (24)

Fujitsu
3 products
Interstage Application Server
Interstage Apworks
Interstage Studio
Configuration A
24 vulnerable
Vulnerable SoftwareAffected Versions
Fujitsu
Interstage Application Server
Version 7.0.1
Interstage Application Server
Version 7.0.1
Interstage Application Server
Version 7.0
Interstage Application Server
Version 7.0
Interstage Application Server
Version 7.0
Interstage Application Server
Version 8.0.0
Interstage Application Server
Version 8.0.0
Interstage Application Server
Version 8.0.1
Interstage Application Server
Version 8.0.1
Interstage Application Server
Version 8.0.2
Interstage Application Server
Version 8.0.2
Interstage Application Server
Version 8.0.3
Interstage Application Server
Version 8.0.3
Interstage Application Server
Version 9.0
Interstage Application Server
Version 9.0
Interstage Application Server
Version 9.0a
Interstage Application Server
Version 9.0a
Fujitsu
Interstage Apworks
Version 7.0
Interstage Apworks
Version 8.0
Interstage Apworks
Version 8.0
Fujitsu
Interstage Studio
Version 8.01
Interstage Studio
Version 8.01
Interstage Studio
Version 9.0
Interstage Studio
Version 9.0

Related CWEs

CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (10)

Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.