Cross Site Scripting (XSS) problem in Interstage HTTP Server (CVE-2007-5000). December 17th, 2008
1. Description
A cross-site scripting vulnerability has been confirmed in the Interstage HTTP Server image map function. This problem falls under CVE-2007-5000.
Fujitsu provides the security patches listed in section 3. Please apply them as soon as possible.
2. Impact
If this cross-site scripting vulnerability is exploited, arbitrary script may be executed in the user's Web browser.
3. Affected systems and corresponding action
3-1. Affected systems:
GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, AT-compatible machine, PRIMEQUEST, SPARC Enterprise
3-2. Affected products and required patch
Note: The values to set in "3-3. Workaround" below depend on the product. The letter in square brackets in the "Products" column identifies the settings to use in step iii of "Workaround".
Products | Target OS | Package name | Patch ID. |
---|---|---|---|
Interstage Application Server Enterprise Edition V5.0 for Windows [a] | Windows | F3FMihs | TP09823* |
Interstage Application Server Standard Edition V5.0 for Windows [a] | Windows | F3FMihs | TP09823* |
Interstage Application Server Web-J Edition V5.0 for Windows [a] | Windows | F3FMihs | TP09823* |
Interstage Application Server Plus V5.0.1 for Windows [a] | Windows | F3FMihs | * |
Interstage Application Server Plus Developer V5.0.1 for Windows [a] | Windows | F3FMihs | * |
Interstage Application Server Enterprise Edition V6.0 for Windows [a] | Windows | F3FMihs | * |
Interstage Application Server Plus V6.0 for Windows [a] | Windows | F3FMihs | * |
Interstage Application Server Plus Developer V6.0 for Windows [a] | Windows | F3FMihs | * |
Interstage Application Server Enterprise Edition V7.0 for Windows [a] | Windows | F3FMihs | TP39823* |
Interstage Application Server Plus V7.0 for Windows [a] | Windows | F3FMihs | TP39823* |
Interstage Application Server Plus Developer V7.0 for Windows [a] | Windows | F3FMihs | TP39823* |
Interstage Application Server Enterprise Edition V7.0.1 for Windows [a] | Windows | F3FMihs | TP39823* |
Interstage Application Server Plus V7.0.1 for Windows [a] | Windows | F3FMihs | TP39823* |
Interstage Application Server Enterprise Edition 8.0.0 for Windows [a] | Windows | F3FMihs | * |
Interstage Application Server Standard-J Edition 8.0.0 for Windows [a] | Windows | F3FMihs | * |
Interstage Application Server Enterprise Edition 8.0.1 for Windows [a] | Windows | F3FMihs | * |
Interstage Application Server Standard-J Edition 8.0.1 for Windows [a] | Windows | F3FMihs | * |
Interstage Application Server Enterprise Edition 8.0.2 for Windows [a] | Windows | F3FMihs | * |
Interstage Application Server Standard-J Edition 8.0.2 for Windows [a] | Windows | F3FMihs | * |
Interstage Application Server Enterprise Edition V9.0.0 for Windows [b] | Windows | F3FMihs | * |
Interstage Application Server Standard-J Edition V9.0.0 for Windows [b] | Windows | F3FMihs | * |
Interstage Application Server Enterprise Edition V9.0.0A for Windows [b] | Windows | F3FMihs | * |
Interstage Application Server Standard-J Edition V9.0.0A for Windows [b] | Windows | F3FMihs | * |
Interstage Application Server Enterprise Edition 5.0 [c] | Solaris | FJSVihs | 912327-11* |
Interstage Application Server Standard Edition 5.0 [c] | Solaris | FJSVihs | 912327-11* |
Interstage Application Server Web-J Edition 5.0 [c] | Solaris | FJSVihs | 912327-11* |
Interstage Application Server Enterprise Edition 5.0.1 [c] | Solaris | FJSVihs | * |
Interstage Application Server Enterprise Edition 6.0 [c] | Solaris | FJSVihs | T0103S-07* |
Interstage Application Server Enterprise Edition 7.0 [c] | Solaris | FJSVihs | T013RS-06* |
Interstage Application Server Plus 7.0 [c] | Solaris | FJSVihs | T013RS-06* |
Interstage Application Server Enterprise Edition 7.0.1 [c] | Solaris | FJSVihs | T023AS-05* |
Interstage Application Server Plus 7.0.1 [c] | Solaris | FJSVihs | T023AS-05* |
Interstage Application Server Enterprise Edition 8.0.0 [c] | Solaris | FJSVihs | * |
Interstage Application Server Standard-J Edition 8.0.0 [c] | Solaris | FJSVihs | * |
Interstage Application Server Enterprise Edition 8.0.2 [c] | Solaris | FJSVihs | * |
Interstage Application Server Standard-J Edition 8.0.2 [c] | Solaris | FJSVihs | * |
Interstage Application Server Enterprise Edition V9.0.0 [d] | Solaris | FJSVihs | * |
Interstage Application Server Standard-J Edition V9.0.0 [d] | Solaris | FJSVihs | * |
Interstage Application Server Enterprise Edition V5.0 [c] | Turbolinux 7 Server | FJSVihs | T00019-10* |
Interstage Application Server Standard Edition V5.0 [c] | Turbolinux 7 Server | FJSVihs | T00019-10* |
Interstage Application Server Web-J Edition V5.0 [c] | Turbolinux 7 Server | FJSVihs | T00019-10* |
Interstage Application Server Enterprise Edition V6.0 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | * |
Interstage Application Server Enterprise Edition V7.0 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00603-05* |
Interstage Application Server Plus V7.0 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00603-05* |
Interstage Application Server Enterprise Edition V7.0.1 [c] | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | T00603-05* |
Interstage Application Server Plus V7.0.1 [c] | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | T00603-05* |
Interstage Application Server Enterprise Edition 8.0.0 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | * |
Interstage Application Server Standard-J Edition 8.0.0 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | * |
Interstage Application Server Enterprise Edition 8.0.2 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | * |
Interstage Application Server Standard-J Edition 8.0.2 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | * |
Interstage Application Server Enterprise Edition V9.0.0 [d] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | * |
Interstage Application Server Enterprise Edition V9.0.0 [d] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | * |
Interstage Application Server Standard-J Edition V9.0.0 [d] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | * |
Interstage Application Server Standard-J Edition V9.0.0 [d] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | * |
Interstage Application Server Enterprise Edition V7.0 [c] | RHEL-AS4(IPF) | FJSVihs | * |
Interstage Application Server Enterprise Edition 8.0.0 [c] | RHEL-AS4(IPF) | FJSVihs | * |
Interstage Application Server Enterprise Edition 8.0.1 [c] | RHEL-AS4(IPF) | FJSVihs | * |
Interstage Application Server Enterprise Edition 8.0.2 [c] | RHEL-AS4(IPF) | FJSVihs | * |
Interstage Application Server Enterprise Edition V9.0.0 [d] | RHEL-AS4(IPF) | FJSVihs | * |
Interstage Application Server Enterprise Edition V9.0.0 [d] | RHEL5(IPF) | FJSVihs | * |
Interstage Application Server Standard-J Edition V9.0.0 [d] | RHEL-AS4(IPF) | FJSVihs | * |
Interstage Application Server Standard-J Edition V9.0.0 [d] | RHEL5(IPF) | FJSVihs | * |
Interstage Application Server Enterprise Edition 8.0.0 for Windows [a] | Windows(IPF) | F3FMihs | * |
Interstage Application Server Enterprise Edition V9.0.0 for Windows [b] | Windows(IPF) | F3FMihs | * |

Products | Target OS | Package name | Patch ID. |
---|---|---|---|
Interstage Studio Enterprise Edition 8.0.1 for Windows [a] | Windows | F3FMihs | * |
Interstage Studio Standard-J Edition 8.0.1 for Windows [a] | Windows | F3FMihs | * |
Interstage Studio Enterprise Edition V9.0.0 for Windows [b] | Windows | F3FMihs | * |
Interstage Studio Standard-J Edition V9.0.0 for Windows [b] | Windows | F3FMihs | * |

Products | Target OS | Package name | Patch ID. |
---|---|---|---|
Interstage Business Application Server Enterprise Edition 8.0.0 [c] | RHEL-AS4(IPF) | FJSVihs | * |

Products | Target OS | Package name | Patch ID. |
---|---|---|---|
Interstage Job Workload Server 8.1.0 [c] | RHEL-AS4(IPF) | FJSVihs | * |

* For patches listed without an ID or link, please contact a Fujitsu system engineer or your partner(s).
Note: Determining the affected product
To check the software version, refer to the "FUJITSU SOFTWARE RELEASE GUIDE" supplied with the product.
3-3. Workaround
To avoid the problem, edit the environment definition file (httpd.conf) in one of the following ways. After the file is edited, Interstage HTTP Server must be restarted.
i. If "imap-file file extension" is set in the AddHandler directive, either delete the AddHandler directive, or add a hash sign (#) at the line head to make it a comment, which will disable the image map function.

    #AddHandler imap-file .map

ii. If i does not work, specify "none" in the ImapMenu directive, which will disable the menu display from the image map function.

    ImapMenu none

iii. If i and ii do not work, set the following expressions for the character encoding of the menu display page. This will reject the specification of inappropriate characters for the map file.

- Product [a]

    LoadModule rewrite_module modules/mod_rewrite.so
    AddModule mod_rewrite.c
    AddModule mod_imap.c
    AddHandler imap-file .map
    <FilesMatch .*\.map$>
    AddDefaultCharset Shift_JIS
    RewriteEngine On
    RewriteCond %{REQUEST_URI} .*\.map/.*
    RewriteRule .* - [F]
    </FilesMatch>

- Product [b]

    LoadModule imap_module "C:/Interstage/F3FMihs/modules/mod_imap.so"
    LoadModule rewrite_module "C:/Interstage/F3FMihs/modules/mod_rewrite.so"
    AddHandler imap-file .map
    <FilesMatch .*\.map$>
    AddDefaultCharset Shift_JIS
    RewriteEngine On
    RewriteCond %{REQUEST_URI} .*\.map/.*
    RewriteRule .* - [F]
    </FilesMatch>

- Product [c]

    LoadModule rewrite_module libexec/mod_rewrite.so
    LoadModule imap_module libexec/mod_imap.so
    AddModule mod_rewrite.c
    AddModule mod_imap.c
    AddHandler imap-file .map
    <FilesMatch .*\.map$>
    AddDefaultCharset Shift_JIS
    RewriteEngine On
    RewriteCond %{REQUEST_URI} .*\.map/.*
    RewriteRule .* - [F]
    </FilesMatch>

- Product [d]

    LoadModule imap_module "/opt/FJSVihs/modules/mod_imap.so"
    LoadModule rewrite_module "/opt/FJSVihs/modules/mod_rewrite.so"
    AddHandler imap-file .map
    <FilesMatch .*\.map$>
    AddDefaultCharset Shift_JIS
    RewriteEngine On
    RewriteCond %{REQUEST_URI} .*\.map/.*
    RewriteRule .* - [F]
    </FilesMatch>

Note:
- Modify the mod_imap.so and mod_rewrite.so paths according to the installation path.
- Specify the <FilesMatch> directive and RewriteCond directive regular expressions according to the file extension set that is actually used in the map file.
- In the AddDefaultCharset directive, specify the char set that is actually used in the map file.
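
To confirm after editing which of the three workarounds an httpd.conf actually has in effect, a check along the following lines can be run over the file. This is an added example, not Fujitsu's code; the function name `audit_imap_workaround` and the two sample fragments are constructed for illustration, and the check assumes a single file with no Include following.

```python
import re

# Constructed httpd.conf fragments for illustration (not from a real server).
EXPOSED = "AddHandler imap-file .map\nImapMenu formatted\n"
GUARDED = r"""
AddHandler imap-file .map
<FilesMatch .*\.map$>
AddDefaultCharset Shift_JIS
RewriteEngine On
RewriteCond %{REQUEST_URI} .*\.map/.*
RewriteRule .* - [F]
</FilesMatch>
"""

# Matches a RewriteRule flag list containing F (forbidden), e.g. [F] or [NC,F].
FORBID_FLAG = re.compile(r"\[(?:[^\]]*,)?\s*(?:F|forbidden)\s*(?:,[^\]]*)?\]", re.I)

def audit_imap_workaround(conf_text):
    """Return 'i', 'ii' or 'iii' for the workaround in effect, else 'none'.

    Assumptions: the last ImapMenu line wins, and the rewrite guard of step
    iii counts only when it is written inside a <FilesMatch> section.
    """
    handler = menu_none = in_section = False
    guard = set()
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # commented-out lines are inactive
            continue
        parts = line.split(None, 1)
        name, args = parts[0].lower(), (parts[1] if len(parts) > 1 else "")
        if name.startswith("<filesmatch"):
            in_section = True
        elif name.startswith("</filesmatch"):
            in_section = False
        elif name == "addhandler" and args.lower().split()[:1] == ["imap-file"]:
            handler = True
        elif name == "imapmenu":
            menu_none = args.strip().lower() == "none"
        elif in_section and name == "rewriteengine" and args.strip().lower() == "on":
            guard.add("engine")
        elif in_section and name == "rewritecond" and "REQUEST_URI" in args:
            guard.add("cond")
        elif in_section and name == "rewriterule" and FORBID_FLAG.search(args):
            guard.add("forbid")
    if not handler:
        return "i"       # image map function disabled
    if menu_none:
        return "ii"      # menu display disabled
    return "iii" if guard == {"engine", "cond", "forbid"} else "none"
```

A result of "none" means the image map handler is active and none of the three workarounds was recognised, so the file needs manual review.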
4. Related information
CVE-2007-5000
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
5. Revision history
- December 17th, 2008 : 2nd edition
  - described "Patch ID." of "3-2. Affected products and required patch"
  - added the description for the "Note" of "3-2. Affected products and required patch"
  - deleted "FMV series" of "3-1. Affected systems"
- January 17th, 2008 : Initial release