FUJITSU


Cross-site scripting (XSS) vulnerabilities in Interstage Application Server (CVE-2005-2090). March 3rd, 2009



1. Background and Detected problem(s)

Cross-site scripting (XSS) vulnerabilities have been discovered in the Servlet Service based on Tomcat 4.1 or Tomcat 5.5.

This information is derived from the vulnerability on the following web site:
CVE-2005-2090: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2090

2. Method to temporarily avoid the problem

Check if both i and ii listed below are satisfied. If they are not satisfied, your system is not affected by these vulnerabilities.

  i. The Web server and WorkUnit do not run on the same machine.

    You can find this information in the following location in the Interstage Management Console:

      - System
        - Update System Settings
          - Detailed Settings
            - Servlet Service Settings
              - Web server and WorkUnit operating on same machine
  ii. The IP address of the Web server to receive requests from the Servlet container is one of the following:
    1. Not set.
    2. Any IP address other than those of the Web servers to receive requests.

      You can find this information in the following location in the Interstage Management Console:

        - System
          - WorkUnit
            - IJServer name
              - Settings
                - Web Server Connector Settings
                  - IP address of the Web server to receive requests

If both i and ii are satisfied, enter only the Web server's IP addresses in the following location in the Interstage Management Console:

  - System
    - WorkUnit
      - IJServer name
        - Settings
          - Web Server Connector Settings
            - IP address of the Web server to receive requests

3. Corresponding system and Patch information

Corresponding system: GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, FMV series, AT compatible machine, PRIMEQUEST

Interstage Application Server

| Products | Target OS | Package name | Patch ID. |
|---|---|---|---|
| Interstage Application Server Enterprise Edition 6.0 | Solaris 8, 9 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition 7.0 | Solaris 8, 9 | FJSVjs4 | T020LS-07 (T020LS-07.tar.Z: 4.5MB) |
| Interstage Application Server Standard Edition 7.0 | Solaris 8, 9 | FJSVjs4 | T020LS-07 (T020LS-07.tar.Z: 4.5MB) |
| Interstage Application Server Plus 7.0 | Solaris 8, 9 | FJSVjs4 | T020LS-07 (T020LS-07.tar.Z: 4.5MB) |
| Interstage Application Server Enterprise Edition 7.0.1 | Solaris 8, 9, 10 | FJSVjs4 | T020LS-07 (T020LS-07.tar.Z: 4.5MB) |
| Interstage Application Server Plus 7.0.1 | Solaris 8, 9, 10 | FJSVjs4 | T020LS-07 (T020LS-07.tar.Z: 4.5MB) |
| Interstage Application Server Enterprise Edition V8.0.0 | Solaris 9, 10 | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.0 | Solaris 9, 10 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.2 | Solaris 9, 10 | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.2 | Solaris 9, 10 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.3 | Solaris 9, 10 | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.3 | Solaris 9, 10 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V6.0 for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0 | F3FMjs4 | TP09743* |
| Interstage Application Server Plus V6.0 for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0 | F3FMjs4 | TP09743* |
| Interstage Application Server Plus Developer V6.0 for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0/ Windows XP | F3FMjs4 | TP09743* |
| Interstage Application Server Enterprise Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | TP09768* |
| Interstage Application Server Standard Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | TP09768* |
| Interstage Application Server Plus V7.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | TP09768* |
| Interstage Application Server Plus Developer V7.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | F3FMjs4 | TP09768* |
| Interstage Application Server Enterprise Edition V7.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | TP09768* |
| Interstage Application Server Plus V7.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | TP09768* |
| Interstage Application Server Enterprise Edition V8.0.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.1 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.2 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.2 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.3 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.3 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V9.0.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition V9.0.0 for Windows | Windows Server 2003/ Windows 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.0 for Windows | Windows Server 2003(IPF) | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.3 for Windows | Windows Server 2003(IPF) | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V6.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | T00836-06* |
| Interstage Application Server Standard Edition V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | T00836-06* |
| Interstage Application Server Plus V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | T00836-06* |
| Interstage Application Server Enterprise Edition V8.0.0 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.0 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.2 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.2 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.3 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.3 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V7.0 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.0 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.1 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.2 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.3 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |

Interstage Apworks/Studio

| Products | Target OS | Package name | Patch ID. |
|---|---|---|---|
| Interstage Apworks Modelers-J Edition V6.0 for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0/ Windows XP | F3FMjs4 | TP09743* |
| Interstage Apworks Modelers-J Edition V6.0A for Windows | Windows Server 2003/ Windows 2000/ Windows NT Server 4.0/ Windows XP | F3FMjs4 | TP09743* |
| Interstage Apworks Modelers-J Edition V7.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | F3FMjs4 | TP09768* |
| Interstage Studio Enterprise Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | F3FMjs4 | * |
| Interstage Studio Standard-J Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | F3FMjs4 | * |
| Interstage Studio Enterprise Edition 9.0.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP/ Windows Vista | F3FMjs5 | * |
| Interstage Studio Standard-J Edition 9.0.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP/ Windows Vista | F3FMjs5 | * |

Interstage Business Application Server

| Products | Target OS | Package name | Patch ID. |
|---|---|---|---|
| Interstage Business Application Server Enterprise Edition 8.0.0 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |

Interstage Job Workload Server

| Products | Target OS | Package name | Patch ID. |
|---|---|---|---|
| Interstage Job Workload Server 8.1.0 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |


* For patches without an ID or link, please contact a Fujitsu system engineer or your partner(s).

4. Revision history

  • March 3rd 2009: 2nd release
    • A description of the Servlet Service based on Tomcat 5.5 has been added to "1. Background and Detected problem(s)".
    • Package names for the products listed below have been corrected from F3FMjs4 to F3FMjs5 in "3. Corresponding system and Patch information".
      "Interstage Studio Enterprise Edition 9.0.0 for Windows"
      "Interstage Studio Standard-J Edition 9.0.0 for Windows"
    • Some "Patch ID."s have been added in "3. Corresponding system and Patch information".
  • September 6th, 2007: Initial release