CVE-2016-1183 Information

Description

NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through 2.0.6.1 as used in Fujitsu Interstage Business Application Server and other products allows remote attackers to bypass a file-extension protection mechanism and consequently read arbitrary files via a crafted pathname.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

http://jvn.jp/en/jp/JVN74659077/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2016-000098 http://www.fujitsu.com/jp/products/software/resources/condition/security/vulnerabilities/2016/index.htmlCVE-2016-1183

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

3.7