
Cross site scripting (XSS) and denial of service (DoS) vulnerabilities in Interstage HTTP Server

December 25th, 2008



1. Background and Detected problem(s)

The following security vulnerabilities have been detected in the Interstage HTTP Server, which is provided by Interstage Application Server, Interstage Apworks, Interstage Studio, Interstage Business Application Server, and Interstage Job Workload Server.

  1. Cross site scripting (XSS) in the server status monitoring functionality
    This problem corresponds to CVE-2006-5752.
  2. Denial of service (DoS) in cache functionality
    This problem corresponds to CVE-2007-1863.
  3. Denial of service (DoS) in sending the specified process signals
    This problem corresponds to CVE-2007-3304.
  4. Denial of service (DoS) in proxy functionality
    This problem corresponds to CVE-2007-3847.
  5. Denial of service (DoS) in receiving particular requests
    This problem may occur in the following types of products:
    1. Windows products to which the following urgent corrections have been applied:
      - TP08940
      - TP38940
    2. The following Windows(IPF) product:
      - Interstage Application Server Enterprise Edition 8.0.0 for Windows
  6. Denial of service (DoS) in the operation using SSL
    This problem may occur in the following types of products:
    • Solaris products to which the following urgent corrections have been applied:
      - T023AS-03

Fujitsu provides the security patches listed in section 3.
Please apply them as soon as possible.

2. Method to temporarily avoid the problem

None.

3. Corresponding system and Patch information

Corresponding system: GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, AT-compatible machine, PRIMEQUEST, SPARC Enterprise

Note: The effect of each vulnerability differs for each product. Refer to the letters in brackets after each product name and to the categories below.

[a]: The effect of CVE-2006-5752
[b]: The effect of CVE-2007-1863
[c]: The effect of CVE-2007-3304
[d]: The effect of CVE-2007-3847
[e]: The effect of DoS problems in receiving particular requests
[f]: The effect of DoS problems in the operation using SSL

Interstage Application Server

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Application Server Enterprise Edition V5.0 for Windows [a,d,e] | Windows | F3FMihs | TP09823* |
| Interstage Application Server Standard Edition V5.0 for Windows [a,d,e] | Windows | F3FMihs | TP09823* |
| Interstage Application Server Web-J Edition V5.0 for Windows [a,d,e] | Windows | F3FMihs | TP09823* |
| Interstage Application Server Plus V5.0.1 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Application Server Plus Developer V5.0.1 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Application Server Enterprise Edition V6.0 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Application Server Plus V6.0 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Application Server Plus Developer V6.0 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Application Server Enterprise Edition V7.0 for Windows [a,d,e] | Windows | F3FMihs | TP39823* |
| Interstage Application Server Plus V7.0 for Windows [a,d,e] | Windows | F3FMihs | TP39823* |
| Interstage Application Server Plus Developer V7.0 for Windows [a,d,e] | Windows | F3FMihs | TP39823* |
| Interstage Application Server Enterprise Edition V7.0.1 for Windows [a,d,e] | Windows | F3FMihs | TP39823* |
| Interstage Application Server Plus V7.0.1 for Windows [a,d,e] | Windows | F3FMihs | TP39823* |
| Interstage Application Server Enterprise Edition 8.0.0 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Application Server Standard-J Edition 8.0.0 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Application Server Enterprise Edition 8.0.1 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Application Server Standard-J Edition 8.0.1 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Application Server Enterprise Edition 8.0.2 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Application Server Standard-J Edition 8.0.2 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Application Server Enterprise Edition V9.0.0 for Windows [a,b,d] | Windows | F3FMihs | * |
| Interstage Application Server Standard-J Edition V9.0.0 for Windows [a,b,d] | Windows | F3FMihs | * |
| Interstage Application Server Enterprise Edition V9.0.0A for Windows [a,b,d] | Windows | F3FMihs | * |
| Interstage Application Server Standard-J Edition V9.0.0A for Windows [a,b,d] | Windows | F3FMihs | * |
| Interstage Application Server Enterprise Edition 5.0 [a,c,d] | Solaris | FJSVihs | 912327-11* |
| Interstage Application Server Standard Edition 5.0 [a,c,d] | Solaris | FJSVihs | 912327-11* |
| Interstage Application Server Web-J Edition 5.0 [a,c,d] | Solaris | FJSVihs | 912327-11* |
| Interstage Application Server Enterprise Edition 5.0.1 [a,c,d] | Solaris | FJSVihs | * |
| Interstage Application Server Enterprise Edition 6.0 [a,c,d] | Solaris | FJSVihs | T0103S-07* |
| Interstage Application Server Enterprise Edition 7.0 [a,c,d] | Solaris | FJSVihs | T013RS-06* |
| Interstage Application Server Plus 7.0 [a,c,d] | Solaris | FJSVihs | T013RS-06* |
| Interstage Application Server Enterprise Edition 7.0.1 [a,c,d,f] | Solaris | FJSVihs | T023AS-05* |
| Interstage Application Server Plus 7.0.1 [a,c,d,f] | Solaris | FJSVihs | T023AS-05* |
| Interstage Application Server Enterprise Edition 8.0.0 [a,c,d] | Solaris | FJSVihs | * |
| Interstage Application Server Standard-J Edition 8.0.0 [a,c,d] | Solaris | FJSVihs | * |
| Interstage Application Server Enterprise Edition 8.0.2 [a,c,d] | Solaris | FJSVihs | * |
| Interstage Application Server Standard-J Edition 8.0.2 [a,c,d] | Solaris | FJSVihs | * |
| Interstage Application Server Enterprise Edition V9.0.0 [a,b,c] | Solaris | FJSVihs | * |
| Interstage Application Server Standard-J Edition V9.0.0 [a,b,c] | Solaris | FJSVihs | * |
| Interstage Application Server Enterprise Edition V5.0 [a,c,d] | Turbolinux 7 Server | FJSVihs | T00019-10* |
| Interstage Application Server Standard Edition V5.0 [a,c,d] | Turbolinux 7 Server | FJSVihs | T00019-10* |
| Interstage Application Server Web-J Edition V5.0 [a,c,d] | Turbolinux 7 Server | FJSVihs | T00019-10* |
| Interstage Application Server Enterprise Edition V6.0 [a,c,d] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | * |
| Interstage Application Server Enterprise Edition V7.0 [a,c,d] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00603-05* |
| Interstage Application Server Plus V7.0 [a,c,d] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00603-05* |
| Interstage Application Server Enterprise Edition V7.0.1 [a,c,d] | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | T00603-05* |
| Interstage Application Server Plus V7.0.1 [a,c,d] | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | T00603-05* |
| Interstage Application Server Enterprise Edition 8.0.0 [a,c,d] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | * |
| Interstage Application Server Standard-J Edition 8.0.0 [a,c,d] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | * |
| Interstage Application Server Enterprise Edition 8.0.2 [a,c,d] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | * |
| Interstage Application Server Standard-J Edition 8.0.2 [a,c,d] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | * |
| Interstage Application Server Enterprise Edition V9.0.0 [a,b,c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | * |
| Interstage Application Server Enterprise Edition V9.0.0 [a,b,c] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | * |
| Interstage Application Server Standard-J Edition V9.0.0 [a,b,c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | * |
| Interstage Application Server Standard-J Edition V9.0.0 [a,b,c] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | * |
| Interstage Application Server Enterprise Edition V7.0 [a,c,d] | RHEL-AS4(IPF) | FJSVihs | * |
| Interstage Application Server Enterprise Edition 8.0.0 [a,c,d] | RHEL-AS4(IPF) | FJSVihs | * |
| Interstage Application Server Enterprise Edition 8.0.1 [a,c,d] | RHEL-AS4(IPF) | FJSVihs | * |
| Interstage Application Server Enterprise Edition 8.0.2 [a,c,d] | RHEL-AS4(IPF) | FJSVihs | * |
| Interstage Application Server Enterprise Edition V9.0.0 [a,b,c] | RHEL-AS4(IPF) | FJSVihs | * |
| Interstage Application Server Enterprise Edition V9.0.0 [a,b,c] | RHEL5(IPF) | FJSVihs | * |
| Interstage Application Server Standard-J Edition V9.0.0 [a,b,c] | RHEL-AS4(IPF) | FJSVihs | * |
| Interstage Application Server Standard-J Edition V9.0.0 [a,b,c] | RHEL5(IPF) | FJSVihs | * |
| Interstage Application Server Enterprise Edition 8.0.0 for Windows [a,d,e] | Windows(IPF) | F3FMihs | * |
| Interstage Application Server Enterprise Edition V9.0.0 for Windows [a,b,d] | Windows(IPF) | F3FMihs | * |
| Interstage Application Server Standard-J Edition V9.0.0 for Windows [a,b,d] | Windows(IPF) | F3FMihs | * |

Interstage Apworks

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Apworks Modelers-J Edition V6.0 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Apworks Modelers-J Edition V6.0A for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Apworks Modelers-J Edition V7.0 for Windows [a,d,e] | Windows | F3FMihs | TP39823* |
| Interstage Apworks Enterprise Edition 8.0.0 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Apworks Standard-J Edition 8.0.0 for Windows [a,d] | Windows | F3FMihs | * |

Interstage Studio

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Studio Enterprise Edition 8.0.1 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Studio Standard-J Edition 8.0.1 for Windows [a,d] | Windows | F3FMihs | * |
| Interstage Studio Enterprise Edition V9.0.0 for Windows [a,b,d] | Windows | F3FMihs | * |
| Interstage Studio Standard-J Edition V9.0.0 for Windows [a,b,d] | Windows | F3FMihs | * |

Interstage Business Application Server

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Business Application Server Enterprise Edition 8.0.0 [a,c,d] | RHEL-AS4(IPF) | FJSVihs | * |

Interstage Job Workload Server

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Job Workload Server 8.1.0 [a,c,d] | RHEL-AS4(IPF) | FJSVihs | * |


* For patches without an ID or link, please contact a Fujitsu system engineer or your partner(s).

4. Revision history

  • December 25th, 2008: 3rd edition:
    • Deleted "FMV series" from "Corresponding system".
    • The following product has been added to "3. Corresponding system and Patch information":
        Interstage Application Server Standard-J Edition V9.0.0 for Windows (Target OS: Windows(IPF))
    • Products which corresponded to [c] and [d] of "3. Corresponding system and Patch information" were changed.
    • "Patch ID" of "3. Corresponding system and Patch information" was changed.
      The table below maps the 2nd edition and the 3rd edition.

| 2nd edition Patch ID | 2nd edition fixed problem | 3rd edition Patch ID | 3rd edition fixed problem |
|---|---|---|---|
| TP09615 | a, e | TP09823 | a, d, e |
| TP39615 | a, e | TP39823 | a, d, e |
| 912327-10 | a | 912327-11 | a, c, d |
| T0103S-06 | a | T0103S-07 | a, c, d |
| T013RS-05 | a | T013RS-06 | a, c, d |
| T023AS-04 | a, f | T023AS-05 | a, c, d, f |
| T00019-09 | a | T00019-10 | a, c, d |
| T00603-04 | a | T00603-05 | a, c, d |

  • January 24th, 2008: 2nd edition:
    Products which corresponded to [b], [c], and [d] of "3. Corresponding system and Patch information" were corrected.
  • January 22nd, 2008: Initial release