Skip to main content
  1. Home >
  2. Support >
  3. Products >
  4. Software >
  5. Security >
  6. This page provides Security Information.

Jasmine: HTTP response splitting vulnerability in WebLink template execution. February 19th, 2009


Notes on using this web page

1. Description

HTTP response splitting vulnerability has been discovered in the Jasmine WebLink template execution.

Fujitsu provides security patches shown in 3.
Please apply them as soon as possible.

2. Impact

HTTP response splitting vulnerability
The HTTP response splitting vulnerability may allow a malicious attacker to cause following problems to a website managed by Jasmine WebLink.

  • The attacker falsifies HTTP cache and shows fictitious content that does not exist on the site. Personal information of the user who accesses this cache is disclosed to the attacker.
  • The atracker creates a malicious page by using this vulnerability. The malicious code is executed on the browser of the user who accesses this page and his/her personal information is disclosed to the attacker.

3. Affected systems and corresponding action

3-1. Affected systems:

PRIMERGY, GRANPOWER5000, PRIMEPOWER, GP7000F Series

3-2. Affected products and required patch

Jasmine
Products Target OS Package name Patch ID.
Jasmine2000 Enterprise Edition for Windows Windows 2000 Server/ NT Server 4.0 - LFNW070806
Jasmine2000 Enterprise Edition Solaris 7 - LFSW070808

* For the Patches, please contact a Fujitsu system engineer or your partner(s).

3-3. Workaround

None.

4. Related information

None.

5. Revision history

  • February 19th, 2009 : Initial release