Vulnerability Details CVE-2016-1183
NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1, as used in Fujitsu Interstage Business Application Server and other products, allows remote attackers to bypass a file-extension protection mechanism, and consequently read arbitrary files, via a crafted pathname.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.8%
CVSS Severity
CVSS v3 Score 3.7
CVSS v2 Score 4.3
References
- http://jvn.jp/en/jp/JVN74659077/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000098
- http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2016/index.html#CVE-2016-1183
- http://jvn.jp/en/jp/JVN74659077/index.html
- http://jvndb.jvn.jp/jvndb/JVNDB-2016-000098
- http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2016/index.html#CVE-2016-1183
Products affected by CVE-2016-1183
-
cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.0.1
-
cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.0.2
-
cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.1.0
-
cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.2.0
-
cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.5.1
-
cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.5.2
-
cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.5.3
-
cpe:2.3:a:nttdata:terasoluna_server_framework_for_java_web:2.0.6.1