CVE-2007-5366

The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application Server 7.0 through 9.0.0 and Interstage Apworks/Studio 7.0 through 9.0.0 allows remote attackers to obtain sensitive information (web root path) via unspecified vectors that trigger an error message, probably related to enabling the useCanonCaches Java Virtual Machine (JVM) option.

Published: Oct 11, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-5366
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
fujitsu / interstage_application_server	8.0.2	8.0.2.x
fujitsu / interstage_application_server	8.0.3	8.0.3.x
fujitsu / interstage_application_server	9.0a	9.0a.x
fujitsu / interstage_application_server	8.0.0	8.0.0.x
fujitsu / interstage_application_server	8.0.1	8.0.1.x
fujitsu / interstage_apworks	7.0	7.0.x
fujitsu / interstage_studio	8.01	8.01.x
fujitsu / interstage_studio	9.0	9.0.x
fujitsu / interstage_application_server	7.0	7.0.x
fujitsu / interstage_application_server	7.0.1	7.0.1.x
fujitsu / interstage_application_server	9.0	9.0.x
fujitsu / interstage_apworks	8.0	8.0.x

Vulnerability Database

CVE-2007-5366