Vulnerability Description
WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fujitsu-Siemens | WebTransactions | 7.0 |
Related Weaknesses (CWE)
References
- http://bs2www.fujitsu-siemens.de/update/securitypatch.htm#englishPatch
- http://secunia.com/advisories/33168 (Patch, Vendor Advisory)
- http://securityreason.com/securityalert/4856
- http://www.sec-consult.com/files/20081219-0_fujitsu-siemens_webta_cmdexec.txt
- http://www.securityfocus.com/archive/1/499417/100/0/threaded
- http://www.securityfocus.com/bid/32927
- http://www.securitytracker.com/id?1021475
- http://www.vupen.com/english/advisories/2008/3462
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47495
FAQ
What is CVE-2008-5810?
CVE-2008-5810 is a vulnerability with a CVSS score of 10.0 (HIGH). WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is s...
How severe is CVE-2008-5810?
CVE-2008-5810 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-5810?
Check the references section above for vendor advisories and patch information. Affected products include: Fujitsu-Siemens WebTransactions.