Cross Site Scripting (XSS) problem in Interstage HTTP Server(CVE-2007-5000). December 17th, 2008


Notes on using this web page

1. Description

A cross-site scripting vulnerability has been confirmed in the Interstage HTTP Server image map function. This problem falls under CVE-2007-5000.

Fujitsu provides security patches shown in 3. Please apply them as soon as possible.

2. Impact

If this cross-site scripting is used, any script may be executed on the user's Web browser.

3. Affected systems and corresponding action

3-1. Affected systems:

GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, AT-compatible machine, PRIMEQUEST, SPARC Enterprise

3-2. Affected products and required patch

Note: The values set in "Workaround" below depend on the product. The symbol in square brackets in 'Products' corresponds to the contents set for iii of "Workaround".

Interstage Application Server
ProductsTarget OSPackage namePatch ID.
Interstage Application Server Enterprise Edition V5.0 for Windows [a]WindowsF3FMihsTP09823*
Interstage Application Server Standard Edition V5.0 for Windows [a]WindowsF3FMihsTP09823*
Interstage Application Server Web-J Edition V5.0 for Windows [a]WindowsF3FMihsTP09823*
Interstage Application Server Plus V5.0.1 for Windows [a]WindowsF3FMihs*
Interstage Application Server Plus Developer V5.0.1 for Windows [a]WindowsF3FMihs*
Interstage Application Server Enterprise Edition V6.0 for Windows [a]WindowsF3FMihs*
Interstage Application Server Plus V6.0 for Windows [a]WindowsF3FMihs*
Interstage Application Server Plus Developer V6.0 for Windows [a]WindowsF3FMihs*
Interstage Application Server Enterprise Edition V7.0 for Windows [a]WindowsF3FMihsTP39823*
Interstage Application Server Plus V7.0 for Windows [a]WindowsF3FMihsTP39823*
Interstage Application Server Plus Developer V7.0 for Windows [a]WindowsF3FMihsTP39823*
Interstage Application Server Enterprise Edition V7.0.1 for Windows [a]WindowsF3FMihsTP39823*
Interstage Application Server Plus V7.0.1 for Windows [a]WindowsF3FMihsTP39823*
Interstage Application Server Enterprise Edition 8.0.0 for Windows [a]WindowsF3FMihs*
Interstage Application Server Standard-J Edition 8.0.0 for Windows [a]WindowsF3FMihs*
Interstage Application Server Enterprise Edition 8.0.1 for Windows [a]WindowsF3FMihs*
Interstage Application Server Standard-J Edition 8.0.1 for Windows [a]WindowsF3FMihs*
Interstage Application Server Enterprise Edition 8.0.2 for Windows [a]WindowsF3FMihs*
Interstage Application Server Standard-J Edition 8.0.2 for Windows [a]WindowsF3FMihs*
Interstage Application Server Enterprise Edition V9.0.0 for Windows [b]WindowsF3FMihs*
Interstage Application Server Standard-J Edition V9.0.0 for Windows [b]WindowsF3FMihs*
Interstage Application Server Enterprise Edition V9.0.0A for Windows [b]WindowsF3FMihs*
Interstage Application Server Standard-J Edition V9.0.0A for Windows [b]WindowsF3FMihs*
Interstage Application Server Enterprise Edition 5.0 [c]SolarisFJSVihs912327-11*
Interstage Application Server Standard Edition 5.0 [c]SolarisFJSVihs912327-11*
Interstage Application Server Web-J Edition 5.0 [c]SolarisFJSVihs912327-11*
Interstage Application Server Enterprise Edition 5.0.1 [c]SolarisFJSVihs*
Interstage Application Server Enterprise Edition 6.0 [c]SolarisFJSVihsT0103S-07*
Interstage Application Server Enterprise Edition 7.0 [c]SolarisFJSVihsT013RS-06*
Interstage Application Server Plus 7.0 [c]SolarisFJSVihsT013RS-06*
Interstage Application Server Enterprise Edition 7.0.1 [c]SolarisFJSVihsT023AS-05*
Interstage Application Server Plus 7.0.1 [c]SolarisFJSVihsT023AS-05*
Interstage Application Server Enterprise Edition 8.0.0 [c]SolarisFJSVihs*
Interstage Application Server Standard-J Edition 8.0.0 [c]SolarisFJSVihs*
Interstage Application Server Enterprise Edition 8.0.2 [c]SolarisFJSVihs*
Interstage Application Server Standard-J Edition 8.0.2 [c]SolarisFJSVihs*
Interstage Application Server Enterprise Edition V9.0.0 [d]SolarisFJSVihs*
Interstage Application Server Standard-J Edition V9.0.0 [d]SolarisFJSVihs*
Interstage Application Server Enterprise Edition V5.0 [c]Turbolinux 7 ServerFJSVihsT00019-10*
Interstage Application Server Standard Edition V5.0 [c]Turbolinux 7 ServerFJSVihsT00019-10*
Interstage Application Server Web-J Edition V5.0 [c]Turbolinux 7 ServerFJSVihsT00019-10*
Interstage Application Server Enterprise Edition V6.0 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihs*
Interstage Application Server Enterprise Edition V7.0 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00603-05*
Interstage Application Server Plus V7.0 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00603-05*
Interstage Application Server Enterprise Edition V7.0.1 [c]RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVihsT00603-05*
Interstage Application Server Plus V7.0.1 [c]RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVihsT00603-05*
Interstage Application Server Enterprise Edition 8.0.0 [c]RHEL-AS4(x86)/ AS4(EM64T)FJSVihs*
Interstage Application Server Standard-J Edition 8.0.0 [c]RHEL-AS4(x86)/ AS4(EM64T)FJSVihs*
Interstage Application Server Enterprise Edition 8.0.2 [c]RHEL-AS4(x86)/ AS4(EM64T)FJSVihs*
Interstage Application Server Standard-J Edition 8.0.2 [c]RHEL-AS4(x86)/ AS4(EM64T)FJSVihs*
Interstage Application Server Enterprise Edition V9.0.0 [d]RHEL-AS4(x86)/ AS4(EM64T)FJSVihs*
Interstage Application Server Enterprise Edition V9.0.0 [d]RHEL5(x86)/ RHEL5(Intel64)FJSVihs*
Interstage Application Server Standard-J Edition V9.0.0 [d]RHEL-AS4(x86)/ AS4(EM64T)FJSVihs*
Interstage Application Server Standard-J Edition V9.0.0 [d]RHEL5(x86)/ RHEL5(Intel64)FJSVihs*
Interstage Application Server Enterprise Edition V7.0 [c]RHEL-AS4(IPF)FJSVihs*
Interstage Application Server Enterprise Edition 8.0.0 [c]RHEL-AS4(IPF)FJSVihs*
Interstage Application Server Enterprise Edition 8.0.1 [c]RHEL-AS4(IPF)FJSVihs*
Interstage Application Server Enterprise Edition 8.0.2 [c]RHEL-AS4(IPF)FJSVihs*
Interstage Application Server Enterprise Edition V9.0.0 [d]RHEL-AS4(IPF)FJSVihs*
Interstage Application Server Enterprise Edition V9.0.0 [d]RHEL5(IPF)FJSVihs*
Interstage Application Server Standard-J Edition V9.0.0 [d]RHEL-AS4(IPF)FJSVihs*
Interstage Application Server Standard-J Edition V9.0.0 [d]RHEL5(IPF)FJSVihs*
Interstage Application Server Enterprise Edition 8.0.0 for Windows [a]Windows(IPF)F3FMihs*
Interstage Application Server Enterprise Edition V9.0.0 for Windows [b]Windows(IPF)F3FMihs*
Interstage Apworks
ProductsTarget OSPackage namePatch ID.
Interstage Apworks Modelers-J Edition V6.0 for Windows [a]WindowsF3FMihs*
Interstage Apworks Modelers-J Edition V6.0A for Windows [a]WindowsF3FMihs*
Interstage Apworks Modelers-J Edition V7.0 for Windows [a]WindowsF3FMihsTP39823*
Interstage Studio
ProductsTarget OSPackage namePatch ID.
Interstage Studio Enterprise Edition 8.0.1 for Windows [a]WindowsF3FMihs*
Interstage Studio Standard-J Edition 8.0.1 for Windows [a]WindowsF3FMihs*
Interstage Studio Enterprise Edition V9.0.0 for Windows [b]WindowsF3FMihs*
Interstage Studio Standard-J Edition V9.0.0 for Windows [b]WindowsF3FMihs*
Interstage Business Application Server
ProductsTarget OSPackage namePatch ID.
Interstage Business Application Server Enterprise Edition 8.0.0 [c]RHEL-AS4(IPF)FJSVihs*
Interstage Job Workload Server
ProductsTarget OSPackage namePatch ID.
Interstage Job Workload Server 8.1.0 [c]RHEL-AS4(IPF)FJSVihs*


* For the Patches without ID nor link, please contact a Fujitsu system engineer or your partner(s).

Note: Determining the affected product
To check the software version, refer to the "FUJITSU SOFTWARE RELEASE GUIDE" supplied with the product.

3-3. Workaround

To avoid the problem, edit the environment definition file (httpd.conf) in one of the following ways. After the file is edited, Interstage HTTP Server must be restarted.

  1. If "imap-file file extension" is set in the AddHandler directive, either delete the AddHandler directive, or add a hash sign (#) at the line head to make it a comment, which will disable the image map function.

    #AddHandler imap-file .map
  2. If i does not work, specify "none" in the ImapMenu directive, which will disable the menu display from the image map function.

    ImapMenu none
  3. If i and ii do not work, set the following expressions for the character encoding of the menu display page. This will reject the specification of inappropriate characters for the map file.
    • Product [a]
      LoadModule rewrite_module modules/mod_rewrite.so

      AddModule mod_rewrite.c
      AddModule mod_imap.c

      AddHandler imap-file .map
      < FilesMatch .*\.map$ >
        AddDefaultCharset Shift_JIS
        RewriteEngine On
        RewriteCond %{REQUEST_URI} .*\.map/.*
        RewriteRule .* - [F]
      < /FilesMatch >
    • Product [b]
      LoadModule imap_module "C:/Interstage/F3FMihs/modules/mod_imap.so"
      LoadModule rewrite_module "C:/Interstage/F3FMihs/modules/mod_rewrite.so"

      AddHandler imap-file .map
      < FilesMatch .*\.map$ >
        AddDefaultCharset Shift_JIS
        RewriteEngine On
        RewriteCond %{REQUEST_URI} .*\.map/.*
        RewriteRule .* - [F]
      < /FilesMatch >
    • Product [c]
      LoadModule rewrite_module    libexec/mod_rewrite.so
      LoadModule imap_module       libexec/mod_imap.so

      AddModule mod_rewrite.c
      AddModule mod_imap.c

      AddHandler imap-file .map
      < FilesMatch .*\.map$ >
        AddDefaultCharset Shift_JIS
        RewriteEngine On
        RewriteCond %{REQUEST_URI} .*\.map/.*
        RewriteRule .* - [F]
      < /FilesMatch >
    • Product [d]
      LoadModule imap_module "/opt/FJSVihs/modules/mod_imap.so"
      LoadModule rewrite_module "/opt/FJSVihs/modules/mod_rewrite.so"

      AddHandler imap-file .map
      < FilesMatch .*\.map$ >
        AddDefaultCharset Shift_JIS
        RewriteEngine On
        RewriteCond %{REQUEST_URI} .*\.map/.*
        RewriteRule .* - [F]
      < /FilesMatch >

Note:

  • Modify the mod_imap.so and mod_rewrite.so paths according to the installation path.
  • Specify the < FilesMatch > directive and RewriteCond directive regular expressions according to the file extension set that is actually used in the map file.
  • In the AddDefaultCharset directive, specify the char set that is actually used in the map file.

4. Related information

CVE-2007-5000
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000

5. Revision history

  • December 17th, 2008 : 2nd edition
    - described "Patch ID." of "3-2. Affected products and required patch"
    - added the description for the "Note" of "3-2. Affected products and required patch"
    - deleted "FMV series" of "3-1. Affected systems"
  • January 17th, 2008 : Initial release

Top of Page