PT-2009-1297 · Fujitsu Siemens · Fujitsu-Siemens Webtransactions

Published

2009-01-02

Updated

2018-10-11

CVE-2008-5810

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Fujitsu-Siemens WebTransactions versions 7.0 through 7.1

Description The issue allows remote attackers to execute arbitrary commands via shell metacharacters in input sent through HTTP, which is improperly used during temporary session data cleanup. This could be related to directory names, template names, and session IDs.

Recommendations For versions 7.0 and 7.1, consider restricting access to the temporary session data cleanup functionality until a fix is available. As a temporary workaround, avoid using shell metacharacters in input that is sent through HTTP to minimize the risk of exploitation.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2008-5810

Affected Products

Fujitsu-Siemens Webtransactions

PT-2009-1297 · Fujitsu Siemens · Fujitsu-Siemens Webtransactions

CVE-2008-5810

Weakness Enumeration

Related Identifiers

Affected Products

References · 10