
Interstage Application Server: Vulnerability may allow access from a non-permitted IP address (CVE-2008-3271). October 15th, 2008



1. Description

When access control based on IP address is configured, a request from a non-permitted IP address may be accepted.

2. Impact

Although the specific impact depends on the system's function, information disclosure is possible because a request from an unauthorized client may be accepted.

For the severity of this vulnerability, see JVN information in "4. Related information".

3. Affected systems and corresponding action

3-1. Affected systems:

GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, AT compatible machine, PRIMEQUEST

3-2. Affected products and required patch

Interstage Application Server

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Application Server Enterprise Edition 6.0 | Solaris 8, 9 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition 7.0 | Solaris 8, 9 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition 7.0.1 | Solaris 8, 9, 10 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.0 | Solaris 9, 10 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.2 | Solaris 9, 10 | FJSVjs4 | * |
| Interstage Application Server Standard Edition 7.0 | Solaris 8, 9 | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.0 | Solaris 9, 10 | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.2 | Solaris 9, 10 | FJSVjs4 | * |
| Interstage Application Server Plus 7.0 | Solaris 8, 9 | FJSVjs4 | * |
| Interstage Application Server Plus 7.0.1 | Solaris 8, 9, 10 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V6.0 for Windows | Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V7.0.1 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.0 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.1 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.2 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs4 | * |
| Interstage Application Server Standard Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.0 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.1 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.2 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs4 | * |
| Interstage Application Server Plus V6.0 for Windows | Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs4 | * |
| Interstage Application Server Plus V7.0 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs4 | * |
| Interstage Application Server Plus V7.0.1 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs4 | * |
| Interstage Application Server Plus Developer V6.0 for Windows | Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0/ Windows XP | F3FMjs4 | * |
| Interstage Application Server Plus Developer V7.0 for Windows | Windows Server 2003/ Windows 2000 Server/ Windows XP | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition V6.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.0 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.2 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Standard Edition V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.0 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition V8.0.2 for Linux | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Plus V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V7.0 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.0 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.1 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.2 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition V8.0.3 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |

Interstage Apworks/Studio

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Apworks Modelers-J Edition V6.0 for Windows | Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0/ Windows XP | F3FMjs4 | * |
| Interstage Apworks Modelers-J Edition V6.0A for Windows | Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0/ Windows XP | F3FMjs4 | * |
| Interstage Apworks Modelers-J Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 Server/ Windows XP | F3FMjs4 | * |
| Interstage Studio Enterprise Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs4 | * |
| Interstage Studio Standard-J Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs4 | * |

Interstage Business Application Server

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Business Application Server Enterprise Edition 8.0.0 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |

Interstage Job Workload Server

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Job Workload Server 8.1.0 for Linux | RHEL-AS4(IPF) | FJSVjs4 | * |


* For patches listed without an ID or link, please contact a Fujitsu system engineer or your partner(s).


Note: Determining the affected product

  • [V6 series]
    • Solaris
      To see package information on the FJSVisas package, the following command can be run:

      pkginfo -l FJSVisas
    • Windows
      See the title in the Software Release Guide.

      [Start]
        -> [Programs]
          -> [Interstage]
            -> [Application Server | Apworks]
              -> [Software Release Guide]
    • Linux
      To see package information on the FJSVisas package, the following command can be run:

      rpm -q FJSVisas
  • [V7 series or later]
    Use the isprintvl command.

    isprintvl

3-3. Workaround

None.

4. Related information

This problem corresponds to a vulnerability in Apache Tomcat (JVN#30732239 / CVE-2008-3271).

5. Revision history

  • October 15th, 2008 : 2nd edition
    Product information on the V9 series was deleted from "3-2. Affected products and required patch".
  • October 10th, 2008 : Initial release