Cross-site scripting (XSS) vulnerabilities in Interstage Application Server. November 16th, 2010
1. Background and Detected problem(s)
Cross-site scripting (XSS) vulnerabilities have been discovered in the Servlet Service and in the Servlet Service for Interstage Management Console(*).
(*)Note: Depending on the product version that you are using, Servlet Service for Interstage Management Console may be referred to as Servlet Service for Interstage Operation Management.
2. Method to temporarily avoid the problem
2.1 Temporary Solution for Tomcat 3.1-based Servlet service(*)
Set error pages for both HTTP status codes 404 and 500 in the Web application environment definition file (deployment descriptor: web.xml) of Servlet Service. (Make settings only. You do not have to store the resources specified with the Location tag.)
If you change any settings, you must restart the Servlet Service. Restart by the usual method.
(*)Note: In this case, "Servlet service" refers to V3 series-V5 series Servlet service or old versions of Servlet service included in V6 series-V7 series.
2.1.1 Changing Settings of Tomcat 3.1-based Servlet service
The Web application environment definition file (deployment descriptor: web.xml) of the Tomcat 3.1-based Servlet Service is stored in the following location:
- Windows
< Interstage installation folder >\F3FMjs2\conf\web.xml
- Solaris/Linux
/opt/FJSVjs2/conf/web.xml
Make the error page setting after the final line of the mime-mapping setting.
< example > Web application environment definition file (deployment descriptor: web.xml) of Tomcat 3.1-based Servlet Service.
< web-app >
:
:
< mime-mapping >
< extension >
mpv2
< /extension >
< mime-type >
video/mpeg2
< /mime-type >
< /mime-mapping >
< error-page >
< error-code >
404
< /error-code >
< location >
/error/http/404.html(specify an optional page.)
< /location >
< /error-page >
< error-page >
< error-code >
500
< /error-code >
< location >
/error/http/500.html(specify an optional page.)
< /location >
< /error-page >
< /web-app >
2.2 Temporary Solution for Tomcat 4.1-based Servlet service(*)
Set error pages for both HTTP status codes 404 and 500 in the default Web application environment definition file (deployment descriptor: web.xml) of each IJServer. (Make settings only. You do not have to store the resources specified with the Location tag.) If you change any settings, you must restart each IJServer. Restart by the usual method.
(*)Note: In this case, "Servlet service" refers to Servlet service of V6 series-V8 series.
2.2.1 Changing Settings of Tomcat 4.1-based Servlet service
The default Web application environment definition file (deployment descriptor: web.xml) of the IJServer is stored in the following location:
- Windows
< J2EE common directory >\ijserver\[IJServer-name]\web.xml
- Solaris/Linux
/opt/FJSVj2ee/var/deployment/ijserver/[IJServer-name]/web.xml
Make the error page setting after the final line of the welcome-file-list setting.
< example >The default Web application environment definition file (deployment descriptor: web.xml) of the IJServer.
< web-app >
:
:
< welcome-file-list >
< welcome-file >index.html< /welcome-file >
< welcome-file >index.htm< /welcome-file >
< welcome-file >index.jsp< /welcome-file >
< /welcome-file-list >
< error-page >
< error-code >
404
< /error-code >
< location >
/error/http/404.html(specify an optional page.)
< /location >
< /error-page >
< error-page >
< error-code >
500
< /error-code >
< location >
/error/http/500.html(specify an optional page.)
< /location >
< /error-page >
< /web-app >
2.3 Temporary Solution for Servlet Service for Interstage Management Console
Set error pages for both HTTP status codes 404 and 500 in the Web application environment definition file (deployment descriptor: web.xml) of Servlet Service for Interstage Management Console. (Make settings only. You do not have to store the resources specified with the Location tag.) If you change any settings, you must restart the Servlet Service for Interstage Management Console. For details on restarting, refer to Interstage Application Server Operator's Guide.
2.3.1 Changing Settings of Servlet Service for Interstage Management Console
The Web application environment definition file (deployment descriptor: web.xml) of the Servlet Service for Interstage Management Console is stored in the following location:
- Windows
< Interstage installation folder >\F3FMjs2su\conf\web.xml
- Solaris/Linux
/opt/FJSVjs2su/conf/web.xml
Make the error page setting after the final line of the mime-mapping setting.
< example >Web application environment definition file (deployment descriptor: web.xml) of Servlet Service for Interstage Management Console.
< web-app >
:
:
< mime-mapping >
< extension >
mpv2
< /extension >
< mime-type >
video/mpeg2
< /mime-type >
< /mime-mapping >
< error-page >
< error-code >
404
< /error-code >
< location >
/error/http/404.html(specify an optional page.)
< /location >
< /error-page >
< error-page >
< error-code >
500
< /error-code >
< location >
/error/http/500.html(specify an optional page.)
< /location >
< /error-page >
< /web-app >
3. Corresponding system and Patch information
Corresponding system : GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, FMV series, AT compatible machine, PRIMEQUEST
| Products | Target OS | Package name | Patch ID. |
|---|---|---|---|
| INTERSTAGE Application Server Enterprise Edition 3.0 (with standard encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | * |
| INTERSTAGE Application Server Enterprise Edition 3.0 (with strong encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | * |
| INTERSTAGE Application Server Standard Edition 3.0 (with standard encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | * |
| INTERSTAGE Application Server Standard Edition 3.0 (with strong encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | * |
| INTERSTAGE Application Server Enterprise Edition 4.0 (with Non Encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | 911367-11* |
| INTERSTAGE Application Server Enterprise Edition 4.0 (with Strong Encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | 911367-11* |
| INTERSTAGE Application Server Standard Edition 4.0 (with Non Encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | 911368-11* |
| INTERSTAGE Application Server Standard Edition 4.0 (with Strong Encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | 911368-11* |
| INTERSTAGE Application Server Web-J Edition | 4.0 (with Non Encryption) | Solaris2.6, 7, 8 | 911562-10* |
| INTERSTAGE Application Server Web-J Edition 4.0 (with Strong Encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | 911562-10* |
| Interstage Application Server Enterprise Edition 5.0 (with Strong Encryption) | Solaris 7, 8, 9 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition 5.0 (with Strong Encryption) | Solaris 7, 8, 9 | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition 5.0 (with Non Encryption) | Solaris 7, 8, 9 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition 5.0 (with Non Encryption) | Solaris 7, 8, 9 | FJSVjs2su | * |
| Interstage Application Server Standard Edition 5.0 (with Strong Encryption) | Solaris 7, 8, 9 | FJSVjs2 | * |
| Interstage Application Server Standard Edition 5.0 (with Strong Encryption) | Solaris 7, 8, 9 | FJSVjs2su | * |
| Interstage Application Server Standard Edition 5.0 (with Non Encryption) | Solaris 7, 8, 9 | FJSVjs2 | * |
| Interstage Application Server Standard Edition 5.0 (with Non Encryption) | Solaris 7, 8, 9 | FJSVjs2su | * |
| Interstage Application Server Web-J Edition 5.0 (with Strong Encryption) | Solaris 7, 8, 9 | FJSVjs2 | * |
| Interstage Application Server Web-J Edition 5.0 (with Strong Encryption) | Solaris 7, 8, 9 | FJSVjs2su | * |
| Interstage Application Server Web-J Edition 5.0 (with Non Encryption) | Solaris 7, 8, 9 | FJSVjs2 | * |
| Interstage Application Server Web-J Edition 5.0 (with Non Encryption) | Solaris 7, 8, 9 | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition 5.0.1 (with Strong Encryption) | Solaris 7, 8, 9 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition 5.0.1 (with Strong Encryption) | Solaris 7, 8, 9 | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition 6.0 | Solaris 7, 8, 9 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition 6.0 | Solaris 7, 8, 9 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition 6.0 | Solaris 7, 8, 9 | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition 7.0 | Solaris 8, 9 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition 7.0 | Solaris 8, 9 | FJSVjs4 | L020LS-07* |
| Interstage Application Server Enterprise Edition 7.0 | Solaris 8, 9 | FJSVjs2su | * |
| Interstage Application Server Standard Edition 7.0 | Solaris 8, 9 | FJSVjs2 | * |
| Interstage Application Server Standard Edition 7.0 | Solaris 8, 9 | FJSVjs4 | L020LS-07* |
| Interstage Application Server Standard Edition 7.0 | Solaris 8, 9 | FJSVjs2su | * |
| Interstage Application Server Plus 7.0 | Solaris 8, 9 | FJSVjs2 | * |
| Interstage Application Server Plus 7.0 | Solaris 8, 9 | FJSVjs4 | L020LS-07* |
| Interstage Application Server Plus 7.0 | Solaris 8, 9 | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition 7.0.1 | Solaris 8, 9, 10 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition 7.0.1 | Solaris 8, 9, 10 | FJSVjs4 | L020LS-07* |
| Interstage Application Server Enterprise Edition 7.0.1 | Solaris 8, 9, 10 | FJSVjs2su | * |
| Interstage Application Server Plus 7.0.1 | Solaris 8, 9, 10 | FJSVjs2 | * |
| Interstage Application Server Plus 7.0.1 | Solaris 8, 9, 10 | FJSVjs4 | L020LS-07* |
| Interstage Application Server Plus 7.0.1 | Solaris 8, 9, 10 | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition V8.0.0 | Solaris 9, 10 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.0 | Solaris 9, 10 | FJSVjs2su | * |
| Interstage Application Server Standard-J Edition V8.0.0 | Solaris 9, 10 | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.0 | Solaris 9, 10 | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition V8.0.2 | Solaris 9, 10 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.2 | Solaris 9, 10 | FJSVjs2su | * |
| Interstage Application Server Standard-J Edition V8.0.2 | Solaris 9, 10 | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.2 | Solaris 9, 10 | FJSVjs2su | * |
| INTERSTAGE Application Server Enterprise Edition V3.0 (with strong encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Enterprise Edition V3.0 (with standard encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Standard Edition V3.0 (with strong encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Standard Edition V3.0 (with standard encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Enterprise Edition V4.0 (with Strong Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Enterprise Edition V4.0 (with Non Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Standard Edition V4.0 (with Strong Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Standard Edition V4.0 (with Non Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Web-J Edition V4.0 (with Strong Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Web-J Edition V4.0 (with Non Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Enterprise Edition V5.0 (with Strong Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Enterprise Edition V5.0 (with Strong Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2su | * |
| Interstage Application Server Enterprise Edition V5.0 (with Non Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Enterprise Edition V5.0 (with Non Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2su | * |
| Interstage Application Server Standard Edition V5.0 (with Non Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Standard Edition V5.0 (with Non Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2su | * |
| Interstage Application Server Standard Edition V5.0 (with Strong Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Standard Edition V5.0 (with Strong Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2su | * |
| Interstage Application Server Web-J Edition V5.0 (with Strong Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Web-J Edition V5.0 (with Strong Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2su | * |
| Interstage Application Server Web-J Edition V5.0 (with Non Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Web-J Edition V5.0 (with Non Encryption) for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2su | * |
| Interstage Application Server Plus V5.0.1 for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Plus V5.0.1 for Windows | Windows 2000/ Windows NT Server 4.0 | F3FMjs2su | * |
| Interstage Application Server Plus Developer V5.0.1 for Windows | Windows 2000/ Windows NT Server 4.0/ Windows XP | F3FMjs2 | * |
| Interstage Application Server Plus Developer V5.0.1 for Windows | Windows 2000/ Windows NT Server 4.0/ Windows XP | F3FMjs2su | * |
| Interstage Application Server Enterprise Edition V6.0 for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Enterprise Edition V6.0 for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0 | F3FMjs4 | TP09743* |
| Interstage Application Server Enterprise Edition V6.0 for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0 | F3FMjs2su | * |
| Interstage Application Server Plus V6.0 for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Plus V6.0 for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0 | F3FMjs4 | TP09743* |
| Interstage Application Server Plus V6.0 for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0 | F3FMjs2su | * |
| Interstage Application Server Plus Developer V6.0 for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0/ Windows XP | F3FMjs4 | TP09743* |
| Interstage Application Server Plus Developer V6.0 for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0/ Windows XP | F3FMjs2su | * |
| Interstage Application Server Enterprise Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2 | * |
| Interstage Application Server Enterprise Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | TP09768* |
| Interstage Application Server Enterprise Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2su | * |
| Interstage Application Server Standard Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2 | * |
| Interstage Application Server Standard Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | TP09768* |
| Interstage Application Server Standard Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2su | * |
| Interstage Application Server Plus V7.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2 | * |
| Interstage Application Server Plus V7.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | TP09768* |
| Interstage Application Server Plus V7.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2su | * |
| Interstage Application Server Plus Developer V7.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | F3FMjs4 | TP09768* |
| Interstage Application Server Plus Developer V7.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | F3FMjs2su | * |
| Interstage Application Server Enterprise Edition V7.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2 | * |
| Interstage Application Server Enterprise Edition V7.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | TP09768* |
| Interstage Application Server Enterprise Edition V7.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2su | * |
| Interstage Application Server Plus V7.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2 | * |
| Interstage Application Server Plus V7.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | TP09768* |
| Interstage Application Server Plus V7.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2su | * |
| Interstage Application Server Enterprise Edition V8.0.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2su | * |
| Interstage Application Server Standard-J Edition V8.0.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2su | * |
| Interstage Application Server Enterprise Edition V8.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2su | * |
| Interstage Application Server Standard-J Edition V8.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2su | * |
| Interstage Application Server Enterprise Edition V8.0.2 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.2 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2su | * |
| Interstage Application Server Standard-J Edition V8.0.2 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.2 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2su | * |
| INTERSTAGE Application Server Enterprise Edition 4.1 (with Non Encryption) for Linux | Turbolinux 7/ RedHat Linux 7.2 | FJSVjs2 | * |
| INTERSTAGE Application Server Standard Edition 4.1 (with Non Encryption) for Linux | Turbolinux 7/ RedHat Linux 7.2 | FJSVjs2 | * |
| INTERSTAGE Application Server Web-J Edition 4.1 (with Non Encryption) for Linux | Turbolinux 6.1/ 6.5/ 7/ RedHat Linux 7.2 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition V5.0 (with Strong Encryption) for Linux | Turbolinux 7 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition V5.0 (with Strong Encryption) for Linux | Turbolinux 7 | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition V5.0 (with Non Encryption) for Linux | Turbolinux 7 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition V5.0 (with Non Encryption) for Linux | Turbolinux 7 | FJSVjs2su | * |
| Interstage Application Server Standard Edition V5.0 (with Strong Encryption) for Linux | Turbolinux 7 | FJSVjs2 | * |
| Interstage Application Server Standard Edition V5.0 (with Strong Encryption) for Linux | Turbolinux 7 | FJSVjs2su | * |
| Interstage Application Server Standard Edition V5.0 (with Non Encryption) for Linux | Turbolinux 7 | FJSVjs2 | * |
| Interstage Application Server Standard Edition V5.0 (with Non Encryption) for Linux | Turbolinux 7 | FJSVjs2su | * |
| Interstage Application Server Web-J Edition V5.0 (with Strong Encryption) for Linux | Turbolinux 7 | FJSVjs2 | * |
| Interstage Application Server Web-J Edition V5.0 (with Strong Encryption) for Linux | Turbolinux 7 | FJSVjs2su | * |
| Interstage Application Server Web-J Edition V5.0 (with Non Encryption) for Linux | Turbolinux 7 | FJSVjs2 | * |
| Interstage Application Server Web-J Edition V5.0 (with Non Encryption) for Linux | Turbolinux 7 | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition V6.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition V6.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V6.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | T00836-06* |
| Interstage Application Server Enterprise Edition V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs2su | * |
| Interstage Application Server Standard Edition V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs2 | * |
| Interstage Application Server Standard Edition V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | T00836-06* |
| Interstage Application Server Standard Edition V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs2su | * |
| Interstage Application Server Plus V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs2 | * |
| Interstage Application Server Plus V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | T00836-06* |
| Interstage Application Server Plus V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition V8.0.0 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.0 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs2su | * |
| Interstage Application Server Standard-J Edition V8.0.0 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.0 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition V8.0.2 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.2 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs2su | * |
| Interstage Application Server Standard-J Edition V8.0.2 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.2 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition V7.0 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V7.0 for Linux | RHEL-AS4(IPF) | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition V8.0.0 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.0 for Linux | RHEL-AS4(IPF) | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition V8.0.1 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.1 for Linux | RHEL-AS4(IPF) | FJSVjs2su | * |
| Interstage Application Server Enterprise Edition V8.0.2 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.2 for Linux | RHEL-AS4(IPF) | FJSVjs2su | * |
| Products | Target OS | Package name | Patch ID. |
|---|---|---|---|
| Interstage Apworks Modelers-J Edition V6.0 for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0/ Windows XP | F3FMjs4 | TP09743* |
| Interstage Apworks Modelers-J Edition V6.0 for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0/ Windows XP | F3FMjs2su | * |
| Interstage Apworks Modelers-J Edition V6.0A for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0/ Windows XP | F3FMjs4 | TP09743* |
| Interstage Apworks Modelers-J Edition V6.0A for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0/ Windows XP | F3FMjs2su | * |
| Interstage Apworks Modelers-J Edition V7.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | F3FMjs4 | TP09768* |
| Interstage Apworks Modelers-J Edition V7.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | F3FMjs2su | * |
| Interstage Studio Enterprise Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Studio Enterprise Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2su | * |
| Interstage Studio Standard-J Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Studio Standard-J Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs2su | * |
* For the Patches without ID nor link, please contact a Fujitsu system engineer or your partner(s).
4. Acknowledgment
- We thank Daiki Fukumori of Secure Sky Technology.Inc for notifying us of this vulnerability.
5. Revision history
- November 16th, 2010:
- Added target OS listed below in "3. Corresponding system and Patch information".
"Interstage Application Server Enterprise Edition 6.0" "Solaris 7"
- Added target OS listed below in "3. Corresponding system and Patch information".
- March 3rd, 2009:
- The patch ID that is not released for the following product has been deleted from "3. Corresponding system and Patch information".
"Interstage Application Server Enterprise Edition V6.0 for Linux "T00274-06" - Some "Patch ID."s have been added in "3. Corresponding system and Patch information".
- The patch ID that is not released for the following product has been deleted from "3. Corresponding system and Patch information".
- May 31st, 2007 : Added some "Patch ID." in "3. Corresponding system and Patch information".
- March 19th, 2007 : Initial release
