Web Root Path Disclosure Vulnerability in Interstage Application Server. October 9th, 2007



1. Background and Detected problem(s)

A web root path disclosure vulnerability has been discovered in the Tomcat 4.1-based Servlet Service.

An error page that contains the root path of the Web application (the physical path of the document root) may be returned to remote attackers.

2. Method to avoid the problem

Add the following JavaVM option (Note1) in the settings of the IJServer WorkUnit.

  -Dsun.io.useCanonCaches=false

  Note1) Set the option in the following input form:

  Interstage Management Console -> Interstage Application Server -> System -> WorkUnit -> [WorkUnit(IJServer) Name] -> Settings -> WorkUnit Settings -> Java VM Options

Fujitsu has confirmed this vulnerability as a problem of the Tomcat 4.1-based Servlet Service. However, because it was a problem concerning the JavaVM option, this problem is scheduled to be corrected in a future version of the Interstage Application Server.
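
After the option is set and the WorkUnit restarted, error responses can be checked for leaked physical paths. The following Python check is an added example, not part of Fujitsu's advisory; the function names are hypothetical and the sample responses and `D:\example\...` paths are constructed.

```python
import html
import re

# Windows drive-letter path (C:\dir\... or C:/dir/...); the lookbehind keeps
# URL schemes such as "http://" from matching on their last letter.
DRIVE_PATH = re.compile(r'(?<![A-Za-z0-9])[A-Za-z]:[\\/](?![\\/])[^\s<>"\'|?*]+')
# UNC path (\\server\share\...)
UNC_PATH = re.compile(r'(?<!\\)\\\\[^\s\\/<>"\']+\\[^\s<>"\']+')


def find_disclosed_paths(body):
    """Return the absolute Windows paths found in an HTTP response body."""
    text = html.unescape(body)  # error pages may entity-encode backslashes
    hits = []
    for pattern in (DRIVE_PATH, UNC_PATH):
        for match in pattern.finditer(text):
            path = match.group(0).rstrip('.,;:)')  # drop sentence punctuation
            if path not in hits:
                hits.append(path)
    return hits


def audit(responses):
    """Map each (label, status, body) error response to the paths it leaks."""
    findings = {}
    for label, status, body in responses:
        if status >= 400:  # only error pages are in scope for this check
            paths = find_disclosed_paths(body)
            if paths:
                findings[label] = paths
    return findings


# Constructed sample responses (not captured from a real server).
SAMPLES = [
    ("leaky-404", 404, "<html><body><h1>HTTP Status 404</h1>"
     "<p>D:\\example\\webroot\\app1\\missing.jsp (not found)</p></body></html>"),
    ("encoded-500", 500,
     "<p>Error reading D:&#92;example&#92;webroot&#92;app1&#92;WEB-INF</p>"),
    ("clean-404", 404, "<html><body><h1>HTTP Status 404</h1>"
     "<p>The requested resource /app1/missing.jsp is not available. "
     "See http://example.invalid/help</p></body></html>"),
]

if __name__ == "__main__":
    for label, paths in audit(SAMPLES).items():
        print(label, "discloses", paths)
```

Any finding on a response collected after the change means the physical path is still reaching clients through that error page.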

3. Corresponding system and Patch information

Corresponding system: PRIMERGY, GP5000, CELSIUS, FMV series, AT compatible machine, PRIMEQUEST

Interstage Application Server

| Products | Target OS | Package name |
|---|---|---|
| Interstage Application Server Enterprise Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Enterprise Edition V7.0.1 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Enterprise Edition 8.0.0 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Enterprise Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Enterprise Edition 8.0.2 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Enterprise Edition 8.0.3 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Enterprise Edition V9.0.0 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Enterprise Edition V9.0.0A for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Standard Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Standard-J Edition 8.0.0 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Standard-J Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Standard-J Edition 8.0.2 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Standard-J Edition 8.0.3 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Standard-J Edition V9.0.0 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Standard-J Edition V9.0.0A for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Plus V7.0 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Plus V7.0.1 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Plus Developer V7.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | FJSVj2ee |
| Interstage Application Server Enterprise Edition 8.0.0 for Windows | Windows Server 2003(IPF) | FJSVj2ee |
| Interstage Application Server Enterprise Edition 8.0.3 for Windows | Windows Server 2003(IPF) | FJSVj2ee |

Interstage Apworks/Studio

| Products | Target OS | Package name |
|---|---|---|
| Interstage Apworks Enterprise Edition 8.0.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | FJSVj2ee |
| Interstage Apworks Standard-J Edition 8.0.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | FJSVj2ee |
| Interstage Apworks Modelers-J Edition V7.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | FJSVj2ee |
| Interstage Studio Enterprise Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | FJSVj2ee |
| Interstage Studio Enterprise Edition V9.0.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP/ Windows Vista | FJSVj2ee |
| Interstage Studio Standard-J Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | FJSVj2ee |
| Interstage Studio Standard-J Edition V9.0.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP/ Windows Vista | FJSVj2ee |

Note2) For the patches, please see "2. Method to avoid the problem".

4. Revision history

  • October 9th, 2007 : Initial release