
Interstage Application Server: Vulnerable in request processing. May 17th, 2010



1. Description

There is a vulnerability in the Servlet service included in Interstage Application Server in which a specific request may not be processed properly.

Fujitsu provides the security patches listed in section 3 below.
Please apply them as soon as possible.

2. Impact

The specific impact depends on the implementation of the web application.
The following may occur:

  • execution of illegal requests
  • leakage of other users' information

For the severity of this vulnerability, see the JVN/IPA information in "4. Related information" (Japanese only).

3. Affected systems and corresponding action

3-1. Affected systems:

GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, FMV series, AT compatible machine

3-2. Affected products and required patch

Interstage Application Server
| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| INTERSTAGE Application Server Enterprise Edition 3.0 (with standard encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | 910679-19* |
| INTERSTAGE Application Server Enterprise Edition 3.0 (with strong encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | 910679-19* |
| INTERSTAGE Application Server Standard Edition 3.0 (with standard encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | 910675-19* |
| INTERSTAGE Application Server Standard Edition 3.0 (with strong encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | 910675-19* |
| INTERSTAGE Application Server Enterprise Edition 4.0 (with Non Encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | 911367-12* |
| INTERSTAGE Application Server Enterprise Edition 4.0 (with Strong Encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | 911367-12* |
| INTERSTAGE Application Server Standard Edition 4.0 (with Non Encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | 911368-12* |
| INTERSTAGE Application Server Standard Edition 4.0 (with Strong Encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | 911368-12* |
| INTERSTAGE Application Server Web-J Edition 4.0 (with Non Encryption) | Solaris 2.6, 7, 8 | | 911562-11* |
| INTERSTAGE Application Server Web-J Edition 4.0 (with Strong Encryption) | Solaris 2.6, 7, 8 | FJSVjs2 | 911562-11* |
| Interstage Application Server Enterprise Edition 5.0 (with Strong Encryption) | Solaris 7, 8, 9 | FJSVjs2 | 912193-11* |
| Interstage Application Server Enterprise Edition 5.0 (with Non Encryption) | Solaris 7, 8, 9 | FJSVjs2 | 912193-11* |
| Interstage Application Server Standard Edition 5.0 (with Strong Encryption) | Solaris 7, 8, 9 | FJSVjs2 | 912194-11* |
| Interstage Application Server Standard Edition 5.0 (with Non Encryption) | Solaris 7, 8, 9 | FJSVjs2 | 912194-11* |
| Interstage Application Server Web-J Edition 5.0 (with Strong Encryption) | Solaris 7, 8, 9 | FJSVjs2 | 912195-11* |
| Interstage Application Server Web-J Edition 5.0 (with Non Encryption) | Solaris 7, 8, 9 | FJSVjs2 | 912195-11* |
| Interstage Application Server Enterprise Edition 5.0.1 (with Strong Encryption) | Solaris 7, 8, 9 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition 6.0 | Solaris 8, 9 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition 7.0 | Solaris 8, 9 | FJSVjs2 | * |
| Interstage Application Server Standard Edition 7.0 | Solaris 8, 9 | FJSVjs2 | * |
| Interstage Application Server Plus 7.0 | Solaris 8, 9 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition 7.0.1 | Solaris 8, 9, 10 | FJSVjs2 | * |
| Interstage Application Server Plus 7.0.1 | Solaris 8, 9, 10 | FJSVjs2 | * |
| INTERSTAGE Application Server Enterprise Edition V3.0 (with strong encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Enterprise Edition V3.0 (with standard encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Standard Edition V3.0 (with strong encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Standard Edition V3.0 (with standard encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Enterprise Edition V4.0 (with Strong Encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Enterprise Edition V4.0 (with Non Encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Standard Edition V4.0 (with Strong Encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Standard Edition V4.0 (with Non Encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Web-J Edition V4.0 (with Strong Encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| INTERSTAGE Application Server Web-J Edition V4.0 (with Non Encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Enterprise Edition V5.0 (with Strong Encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Enterprise Edition V5.0 (with Non Encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Standard Edition V5.0 (with Non Encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Standard Edition V5.0 (with Strong Encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Web-J Edition V5.0 (with Strong Encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Web-J Edition V5.0 (with Non Encryption) for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Plus V5.0.1 for Windows | Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Plus Developer V5.0.1 for Windows | Windows 2000 Server/ Windows NT Server 4.0/ Windows XP | F3FMjs2 | * |
| Interstage Application Server Enterprise Edition V6.0 for Windows | Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Plus V6.0 for Windows | Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0 | F3FMjs2 | * |
| Interstage Application Server Enterprise Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs2 | * |
| Interstage Application Server Standard Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs2 | * |
| Interstage Application Server Plus V7.0 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs2 | * |
| Interstage Application Server Enterprise Edition V7.0.1 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs2 | * |
| Interstage Application Server Plus V7.0.1 for Windows | Windows Server 2003/ Windows 2000 Server | F3FMjs2 | * |
| INTERSTAGE Application Server Enterprise Edition 4.1 (with Non Encryption) for Linux | Turbolinux 7/ RedHat Linux 7.2 | FJSVjs2 | * |
| INTERSTAGE Application Server Standard Edition 4.1 (with Non Encryption) for Linux | Turbolinux 7/ RedHat Linux 7.2 | FJSVjs2 | * |
| INTERSTAGE Application Server Web-J Edition 4.1 (with Non Encryption) for Linux | Turbolinux 6.1/ 6.5/ 7/ RedHat Linux 7.2 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition V5.0 (with Strong Encryption) for Linux | Turbolinux 7 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition V5.0 (with Non Encryption) for Linux | Turbolinux 7 | FJSVjs2 | * |
| Interstage Application Server Standard Edition V5.0 (with Strong Encryption) for Linux | Turbolinux 7 | FJSVjs2 | * |
| Interstage Application Server Standard Edition V5.0 (with Non Encryption) for Linux | Turbolinux 7 | FJSVjs2 | * |
| Interstage Application Server Web-J Edition V5.0 (with Strong Encryption) for Linux | Turbolinux 7 | FJSVjs2 | * |
| Interstage Application Server Web-J Edition V5.0 (with Non Encryption) for Linux | Turbolinux 7 | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition V6.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs2 | * |
| Interstage Application Server Enterprise Edition V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs2 | * |
| Interstage Application Server Standard Edition V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs2 | * |
| Interstage Application Server Plus V7.0 for Linux | RHEL-AS3(x86)/ ES3(x86) | FJSVjs2 | * |

* For patches with neither an ID nor a link, please contact a Fujitsu system engineer or your partner(s).

Note: In the following products, this vulnerability affects ONLY systems running the Servlet service that is compatible with version 5 and earlier. This service is set up by custom installation. Therefore, systems whose Servlet service was set up by the default installation are NOT affected by this vulnerability.

  • Interstage Application Server V6 series-V7 series


Note: Determining the affected product

  • [V3 series-V6 series]
    • Solaris
      Check the package information for the FJSVisas package.
        pkginfo -l FJSVisas
    • Windows
      Check the title of the Software Release Guide.
        [Start]
          -> [Program]
            -> [Interstage]
              -> [Application Server]
                -> [Software Release Guide]
    • Linux
      Check the package information for the FJSVisas package.
        rpm -q FJSVisas
  • [V7 series or later]
    Use the isprintvl command.
      isprintvl

3-3. Workaround

On the load balancer, set an interval of five minutes or more between the distribution start times of the servers.

4. Related information

This problem corresponds to the Interstage Application Server vulnerability JVN#90248889.

5. Revision history

  • May 17th, 2010 : Initial release