Interstage HTTP Server: サーバステータス監視機能におけるセキュリティ脆弱性問題(CVE-2007-6388) (2008年12月17日)
1.脆弱性の説明
Interstage HTTP Serverのサーバステータス監視機能において、クライアントの意図 しないサイトに接続される問題が確認されました。本脆弱性問題は、CVE-2007-6388に 該当します。
富士通は、3.に示すセキュリティパッチを提供していますので、早急に適用する様に お願いします。
Interstage製品については以下のページを参照してください。
https://www.fujitsu.com/jp/products/software/middleware/business-middleware/interstage/
2. 脆弱性のもたらす脅威
被害者に、悪意のある予期しないサイトを訪問するよう仕向けることで、攻撃者は フィッシングを行ったり、この被害者をクロスサイトスクリプティング(XSS)のある サイトに導いて被害者のブラウザ上で任意のスクリプトの実行が可能です。
3. 該当システム・対策情報
3-1.該当システム
GP7000F, PRIMEPOWER, GP-S, PRIMERGY, GP5000, CELSIUS, FMVシリーズ, AT互換機, PRIMEQUEST, SPARC Enterprise
3-2.該当製品・対策Patch
注意)後述する回避方法は、製品ごとに設定内容が異なるものがあります。製品名末尾の括弧内記載記号は、回避方法の設定内容に対応しています。
・Interstage Application Server
・Interstage Web Server
・Interstage Application Framework Suite
・Interstage Apworks
・Interstage Studio
・Interstage Business Application Server
・Interstage Job Workload Server
・Systemwalker Resource Coordinator
製品名 | 対象OS | パッケージ名 | Patch ID |
---|---|---|---|
Interstage Application Server Enterprise Edition V5.0L10 [a] | Windows | F3FMihs | TP09823 |
Interstage Application Server Standard Edition V5.0L10 [a] | Windows | F3FMihs | TP09823 |
Interstage Application Server Web-J Edition V5.0L10 [a] | Windows | F3FMihs | TP09823 |
Interstage Application Server Enterprise Edition V5.0L10A [a] | Windows | F3FMihs | TP09823 |
Interstage Application Server Standard Edition V5.0L10A [a] | Windows | F3FMihs | TP09823 |
Interstage Application Server Web-J Edition V5.0L10A [a] | Windows | F3FMihs | TP09823 |
Interstage Application Server Enterprise Edition V5.0L10B [a] | Windows | F3FMihs | TP09823 |
Interstage Application Server Standard Edition V5.0L10B [a] | Windows | F3FMihs | TP09823 |
Interstage Application Server Web-J Edition V5.0L10B [a] | Windows | F3FMihs | TP09823 |
Interstage Application Server Enterprise Edition V5.0L20 [a] | Windows | F3FMihs | TP19823 |
Interstage Application Server Standard Edition V5.0L20 [a] | Windows | F3FMihs | TP19823 |
Interstage Application Server Web-J Edition V5.0L20 [a] | Windows | F3FMihs | TP19823 |
Interstage Application Server Plus V5.0L20 [a] | Windows | F3FMihs | TP19823 |
Interstage Application Server Plus Developer V5.0L20 [a] | Windows | F3FMihs | TP19823 |
Interstage Application Server Enterprise Edition V5.0L20A [a] | Windows | F3FMihs | TP19823 |
Interstage Application Server Standard Edition V5.0L20A [a] | Windows | F3FMihs | TP19823 |
Interstage Application Server Web-J Edition V5.0L20A [a] | Windows | F3FMihs | TP19823 |
Interstage Application Server Plus V5.0L20A [a] | Windows | F3FMihs | TP19823 |
Interstage Application Server Enterprise Edition V6.0L10 [a] | Windows | F3FMihs | TP29823 |
Interstage Application Server Standard Edition V6.0L10 [a] | Windows | F3FMihs | TP29823 |
Interstage Application Server Web-J Edition V6.0L10 [a] | Windows | F3FMihs | TP29823 |
Interstage Application Server Plus V6.0L10 [a] | Windows | F3FMihs | TP29823 |
Interstage Application Server Plus Developer V6.0L10 [a] | Windows | F3FMihs | TP29823 |
Interstage Application Server Web-J Edition V6.0L10A [a] | Windows | F3FMihs | TP29823 |
Interstage Application Server Plus V6.0L10A [a] | Windows | F3FMihs | TP29823 |
Interstage Application Server Enterprise Edition V6.0L10B [a] | Windows | F3FMihs | TP29823 |
Interstage Application Server Standard Edition V6.0L10B [a] | Windows | F3FMihs | TP29823 |
Interstage Application Server Web-J Edition V6.0L10B [a] | Windows | F3FMihs | TP29823 |
Interstage Application Server Plus V6.0L10B [a] | Windows | F3FMihs | TP29823 |
Interstage Application Server Enterprise Edition V6.0L10C [a] | Windows | F3FMihs | TP49823 |
Interstage Application Server Standard Edition V6.0L10C [a] | Windows | F3FMihs | TP49823 |
Interstage Application Server Web-J Edition V6.0L10C [a] | Windows | F3FMihs | TP49823 |
Interstage Application Server Plus V6.0L10C [a] | Windows | F3FMihs | TP49823 |
Interstage Application Server Enterprise Edition V7.0L10 [a] | Windows | F3FMihs | TP39823 |
Interstage Application Server Standard Edition V7.0L10 [a] | Windows | F3FMihs | TP39823 |
Interstage Application Server Web-J Edition V7.0L10 [a] | Windows | F3FMihs | TP39823 |
Interstage Application Server Plus V7.0L10 [a] | Windows | F3FMihs | TP39823 |
Interstage Application Server Plus Developer V7.0L10 [a] | Windows | F3FMihs | TP39823 |
Interstage Application Server Web-J Edition V7.0L10A [a] | Windows | F3FMihs | TP39823 |
Interstage Application Server Enterprise Edition V7.0L11 [a] | Windows | F3FMihs | TP39823 |
Interstage Application Server Standard Edition V7.0L11 [a] | Windows | F3FMihs | TP39823 |
Interstage Application Server Web-J Edition V7.0L11 [a] | Windows | F3FMihs | TP39823 |
Interstage Application Server Plus V7.0L11 [a] | Windows | F3FMihs | TP39823 |
Interstage Application Server Enterprise Edition 8.0.0 [a] | Windows | F3FMihs | T000106WP-04 |
Interstage Application Server Standard-J Edition 8.0.0 [a] | Windows | F3FMihs | T000106WP-04 |
Interstage Application Server Web-J Edition 8.0.0 [a] | Windows | F3FMihs | T000106WP-04 |
Interstage Application Server Enterprise Edition 8.0.1 [a] | Windows | F3FMihs | T000106WP-04 |
Interstage Application Server Standard-J Edition 8.0.1 [a] | Windows | F3FMihs | T000106WP-04 |
Interstage Application Server Web-J Edition 8.0.1 [a] | Windows | F3FMihs | T000106WP-04 |
Interstage Application Server Enterprise Edition 8.0.3 [a] | Windows | F3FMihs | T000106WP-04 |
Interstage Application Server Standard-J Edition 8.0.3 [a] | Windows | F3FMihs | T000106WP-04 |
Interstage Application Server Web-J Edition 8.0.3 [a] | Windows | F3FMihs | T000106WP-04 |
Interstage Application Server Enterprise Edition V9.0.0 [b] | Windows | F3FMihs | T001001WP-02 |
Interstage Application Server Standard-J Edition V9.0.0 [b] | Windows | F3FMihs | T001001WP-02 |
Interstage Application Server Enterprise Edition 5.0 [c] | Solaris | FJSVihs | 912327-11 |
Interstage Application Server Standard Edition 5.0 [c] | Solaris | FJSVihs | 912327-11 |
Interstage Application Server Web-J Edition 5.0 [c] | Solaris | FJSVihs | 912327-11 |
Interstage Application Server Enterprise Edition 5.0.1 [c] | Solaris | FJSVihs | 912499-09 |
Interstage Application Server Standard Edition 5.0.1 [c] | Solaris | FJSVihs | 912499-09 |
Interstage Application Server Web-J Edition 5.0.1 [c] | Solaris | FJSVihs | 912499-09 |
Interstage Application Server Enterprise Edition 5.1 [c] | Solaris | FJSVihs | 913075-11 |
Interstage Application Server Standard Edition 5.1 [c] | Solaris | FJSVihs | 913075-11 |
Interstage Application Server Web-J Edition 5.1 [c] | Solaris | FJSVihs | 913075-11 |
Interstage Application Server Plus 5.1 [c] | Solaris | FJSVihs | 913075-11 |
Interstage Application Server Enterprise Edition 5.1.1 [c] | Solaris | FJSVihs | 913075-11 |
Interstage Application Server Standard Edition 5.1.1 [c] | Solaris | FJSVihs | 913075-11 |
Interstage Application Server Web-J Edition 5.1.1 [c] | Solaris | FJSVihs | 913075-11 |
Interstage Application Server Plus 5.1.1 [c] | Solaris | FJSVihs | 913075-11 |
Interstage Application Server Enterprise Edition 6.0 [c] | Solaris | FJSVihs | T0103S-07 |
Interstage Application Server Standard Edition 6.0 [c] | Solaris | FJSVihs | T0103S-07 |
Interstage Application Server Web-J Edition 6.0 [c] | Solaris | FJSVihs | T0103S-07 |
Interstage Application Server Plus 6.0 [c] | Solaris | FJSVihs | T0103S-07 |
Interstage Application Server Enterprise Edition 6.0.1 [c] | Solaris | FJSVihs | T0138S-06 |
Interstage Application Server Standard Edition 6.0.1 [c] | Solaris | FJSVihs | T0138S-06 |
Interstage Application Server Web-J Edition 6.0.1 [c] | Solaris | FJSVihs | T0138S-06 |
Interstage Application Server Plus 6.0.1 [c] | Solaris | FJSVihs | T0138S-06 |
Interstage Application Server Enterprise Edition 6.0.2 [c] | Solaris | FJSVihs | T016RS-05 |
Interstage Application Server Standard Edition 6.0.2 [c] | Solaris | FJSVihs | T016RS-05 |
Interstage Application Server Web-J Edition 6.0.2 [c] | Solaris | FJSVihs | T016RS-05 |
Interstage Application Server Plus 6.0.2 [c] | Solaris | FJSVihs | T016RS-05 |
Interstage Application Server Enterprise Edition 7.0 [c] | Solaris | FJSVihs | T013RS-06 |
Interstage Application Server Standard Edition 7.0 [c] | Solaris | FJSVihs | T013RS-06 |
Interstage Application Server Web-J Edition 7.0 [c] | Solaris | FJSVihs | T013RS-06 |
Interstage Application Server Plus 7.0 [c] | Solaris | FJSVihs | T013RS-06 |
Interstage Application Server Enterprise Edition 7.0.1 [c] | Solaris | FJSVihs | T023AS-05 |
Interstage Application Server Standard Edition 7.0.1 [c] | Solaris | FJSVihs | T023AS-05 |
Interstage Application Server Web-J Edition 7.0.1 [c] | Solaris | FJSVihs | T023AS-05 |
Interstage Application Server Plus 7.0.1 [c] | Solaris | FJSVihs | T023AS-05 |
Interstage Application Server Enterprise Edition 8.0.0 [c] | Solaris | FJSVihs | T000180SP-04 |
Interstage Application Server Standard-J Edition 8.0.0 [c] | Solaris | FJSVihs | T000180SP-04 |
Interstage Application Server Web-J Edition 8.0.0 [c] | Solaris | FJSVihs | T000180SP-04 |
Interstage Application Server Enterprise Edition 8.0.3 [c] | Solaris | FJSVihs | T000180SP-04 |
Interstage Application Server Standard-J Edition 8.0.3 [c] | Solaris | FJSVihs | T000180SP-04 |
Interstage Application Server Web-J Edition 8.0.3 [c] | Solaris | FJSVihs | T000180SP-04 |
Interstage Application Server Enterprise Edition V9.0.0 [d] | Solaris | FJSVihs | T001004SP-04 |
Interstage Application Server Standard-J Edition V9.0.0 [d] | Solaris | FJSVihs | T001004SP-04 |
Interstage Application Server Enterprise Edition V5.0L10 [c] | Turbolinux 7 Server | FJSVihs | T00019-10 |
Interstage Application Server Standard Edition V5.0L10 [c] | Turbolinux 7 Server | FJSVihs | T00019-10 |
Interstage Application Server Web-J Edition V5.0L10 [c] | Turbolinux 7 Server | FJSVihs | T00019-10 |
Interstage Application Server Enterprise Edition V5.0L11 [c] | Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86) | FJSVihs | T00034-09 |
Interstage Application Server Standard Edition V5.0L11 [c] | Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86) | FJSVihs | T00034-09 |
Interstage Application Server Web-J Edition V5.0L11 [c] | Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86) | FJSVihs | T00034-09 |
Interstage Application Server Enterprise Edition V5.0L20 [c] | Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86) | FJSVihs | T00091-08 |
Interstage Application Server Standard Edition V5.0L20 [c] | Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86) | FJSVihs | T00091-08 |
Interstage Application Server Web-J Edition V5.0L20 [c] | Turbolinux 7 Server/ Turbolinux 8 Server/ RHEL-AS2.1(x86)/ ES2.1(x86) | FJSVihs | T00091-08 |
Interstage Application Server Plus V5.0L20 [c] | Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86) | FJSVihs | T00091-08 |
Interstage Application Server Enterprise Edition V6.0L10 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00258-07 |
Interstage Application Server Standard Edition V6.0L10 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00258-07 |
Interstage Application Server Web-J Edition V6.0L10 [c] | RHEL-AS2.1(x86)/ ES2.1(x86) | FJSVihs | T00258-07 |
Interstage Application Server Plus V6.0L10 [c] | RHEL-AS2.1(x86)/ ES2.1(x86) | FJSVihs | T00258-07 |
Interstage Application Server Web-J Edition V6.0L11 [c] | RHEL-AS2.1(x86)/ ES2.1(x86)/ AS3(x86)/ ES3(x86) | FJSVihs | T00258-07 |
Interstage Application Server Plus V6.0L11 [c] | RHEL-AS2.1(x86)/ ES2.1(x86)/ AS3(x86)/ ES3(x86) | FJSVihs | T00258-07 |
Interstage Application Server Enterprise Edition V7.0L10 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00603-05 |
Interstage Application Server Standard Edition V7.0L10 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00603-05 |
Interstage Application Server Web-J Edition V7.0L10 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00603-05 |
Interstage Application Server Plus V7.0L10 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00603-05 |
Interstage Application Server Enterprise Edition V7.0L11 [c] | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | T00603-05 |
Interstage Application Server Standard Edition V7.0L11 [c] | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | T00603-05 |
Interstage Application Server Web-J Edition V7.0L11 [c] | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | T00603-05 |
Interstage Application Server Plus V7.0L11 [c] | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | T00603-05 |
Interstage Application Server Enterprise Edition 8.0.0 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T000181LP-03 |
Interstage Application Server Standard-J Edition 8.0.0 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T000181LP-03 |
Interstage Application Server Web-J Edition 8.0.0 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T000181LP-03 |
Interstage Application Server Enterprise Edition 8.0.3 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T000181LP-03 |
Interstage Application Server Standard-J Edition 8.0.3 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T000181LP-03 |
Interstage Application Server Web-J Edition 8.0.3 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T000181LP-03 |
Interstage Application Server Enterprise Edition V9.0.0 [d] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-02 |
Interstage Application Server Enterprise Edition V9.0.0 [d] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-02 |
Interstage Application Server Standard-J Edition V9.0.0 [d] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-02 |
Interstage Application Server Standard-J Edition V9.0.0 [d] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-02 |
Interstage Application Server Enterprise Edition V9.0.1 [d] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-02 |
Interstage Application Server Enterprise Edition V9.0.1 [d] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-02 |
Interstage Application Server Standard-J Edition V9.0.1 [d] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-02 |
Interstage Application Server Standard-J Edition V9.0.1 [d] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-02 |
Interstage Application Server Enterprise Edition V7.0L10 [c] | RHEL-AS4(IPF) | FJSVihs | T000178QP-03 |
Interstage Application Server Enterprise Edition 8.0.0 [c] | RHEL-AS4(IPF) | FJSVihs | T000179QP-03 |
Interstage Application Server Enterprise Edition 8.0.1 [c] | RHEL-AS4(IPF) | FJSVihs | T000179QP-03 |
Interstage Application Server Enterprise Edition 8.0.3 [c] | RHEL-AS4(IPF) | FJSVihs | T000179QP-03 |
Interstage Application Server Enterprise Edition V9.0.0 [d] | RHEL-AS4(IPF) | FJSVihs | T001002QP-02 |
Interstage Application Server Enterprise Edition V9.0.0 [d] | RHEL5(IPF) | FJSVihs | T001043QP-02 |
Interstage Application Server Standard-J Edition V9.0.0 [d] | RHEL-AS4(IPF) | FJSVihs | T001002QP-02 |
Interstage Application Server Standard-J Edition V9.0.0 [d] | RHEL5(IPF) | FJSVihs | T001043QP-02 |
Interstage Application Server Enterprise Edition 8.0.0 [a] | Windows(IPF) | F3FMihs | T001000IP-02 |
Interstage Application Server Enterprise Edition 8.0.3 [a] | Windows(IPF) | F3FMihs | T001000IP-02 |
Interstage Application Server Enterprise Edition V9.0.0 [b] | Windows(IPF) | F3FMihs | T001005IP-02 |
Interstage Application Server Standard-J Edition V9.0.0 [b] | Windows(IPF) | F3FMihs | T001005IP-02 |
製品名 | 対象OS | パッケージ名 | Patch ID |
---|---|---|---|
Interstage Web Server V9.0.0 [b] | Windows | F3FMihs | T001001WP-02 |
Interstage Web Server V9.0.0 [d] | Solaris | FJSVihs | T001004SP-04 |
Interstage Web Server V9.0.0 [d] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-02 |
Interstage Web Server V9.0.0 [d] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-02 |
Interstage Web Server V9.0.1 [d] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-02 |
Interstage Web Server V9.0.1 [d] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-02 |
製品名 | 対象OS | パッケージ名 | Patch ID |
---|---|---|---|
Interstage Application Framework Suite Enterprise Edition V6.0L10 [a] | Windows | F3FMihs | TP29823 |
Interstage Application Framework Suite Standard Edition V6.0L10 [a] | Windows | F3FMihs | TP29823 |
Interstage Application Framework Suite Web Edition V6.0L10 [a] | Windows | F3FMihs | TP29823 |
Interstage Application Framework Suite Web Edition V6.0L10A [a] | Windows | F3FMihs | TP29823 |
Interstage Application Framework Suite Enterprise Edition V6.0L10B [a] | Windows | F3FMihs | TP29823 |
Interstage Application Framework Suite Standard Edition V6.0L10B [a] | Windows | F3FMihs | TP29823 |
Interstage Application Framework Suite Web Edition V6.0L10B [a] | Windows | F3FMihs | TP29823 |
Interstage Application Framework Suite Enterprise Edition V6.0L10C [a] | Windows | F3FMihs | TP49823 |
Interstage Application Framework Suite Standard Edition V6.0L10C [a] | Windows | F3FMihs | TP49823 |
Interstage Application Framework Suite Web Edition V6.0L10C [a] | Windows | F3FMihs | TP49823 |
Interstage Application Framework Suite Standard Edition V7.0L10 [a] | Windows | F3FMihs | TP39823 |
Interstage Application Framework Suite Web Edition V7.0L10 [a] | Windows | F3FMihs | TP39823 |
Interstage Application Framework Suite Standard Edition V7.0L11 [a] | Windows | F3FMihs | TP39823 |
Interstage Application Framework Suite Web Edition V7.0L11 [a] | Windows | F3FMihs | TP39823 |
Interstage Application Framework Suite Enterprise Edition 6.0 [c] | Solaris | FJSVihs | T0103S-07 |
Interstage Application Framework Suite Standard Edition 6.0 [c] | Solaris | FJSVihs | T0103S-07 |
Interstage Application Framework Suite Web Edition 6.0 [c] | Solaris | FJSVihs | T0103S-07 |
Interstage Application Framework Suite Enterprise Edition 6.0.1 [c] | Solaris | FJSVihs | T0138S-06 |
Interstage Application Framework Suite Standard Edition 6.0.1 [c] | Solaris | FJSVihs | T0138S-06 |
Interstage Application Framework Suite Web Edition 6.0.1 [c] | Solaris | FJSVihs | T0138S-06 |
Interstage Application Framework Suite Enterprise Edition 6.0.2 [c] | Solaris | FJSVihs | T016RS-05 |
Interstage Application Framework Suite Standard Edition 6.0.2 [c] | Solaris | FJSVihs | T016RS-05 |
Interstage Application Framework Suite Web Edition 6.0.2 [c] | Solaris | FJSVihs | T016RS-05 |
Interstage Application Framework Suite Standard Edition 7.0 [c] | Solaris | FJSVihs | T013RS-06 |
Interstage Application Framework Suite Web Edition 7.0 [c] | Solaris | FJSVihs | T013RS-06 |
Interstage Application Framework Suite Enterprise Edition 7.0.1 [c] | Solaris | FJSVihs | T013RS-06 |
Interstage Application Framework Suite Standard Edition 7.0.2 [c] | Solaris | FJSVihs | T023AS-05 |
Interstage Application Framework Suite Web Edition 7.0.2 [c] | Solaris | FJSVihs | T023AS-05 |
Interstage Application Framework Suite Enterprise Edition V6.0L10 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00258-07 |
Interstage Application Framework Suite Standard Edition V6.0L10 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00258-07 |
Interstage Application Framework Suite Web Edition V6.0L10 [c] | RHEL-AS2.1(x86)/ ES2.1(x86) | FJSVihs | T00258-07 |
Interstage Application Framework Suite Web Edition V6.0L11 [c] | RHEL-AS2.1(x86)/ ES2.1(x86)/ AS3(x86)/ ES3(x86) | FJSVihs | T00258-07 |
Interstage Application Framework Suite Standard Edition V7.0L10 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00603-05 |
Interstage Application Framework Suite Web Edition V7.0L10 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00603-05 |
Interstage Application Framework Suite Standard Edition V7.0L11 [c] | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | T00603-05 |
Interstage Application Framework Suite Web Edition V7.0L11 [c] | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | T00603-05 |
製品名 | 対象OS | パッケージ名 | Patch ID |
---|---|---|---|
Interstage Apworks Enterprise Edition V6.0L10 [a] | Windows | F3FMihs | TP29823 |
Interstage Apworks Standard Edition V6.0L10 [a] | Windows | F3FMihs | TP29823 |
Interstage Apworks Modelers-J Edition V6.0L10 [a] | Windows | F3FMihs | TP29823 |
Interstage Apworks Enterprise Edition V6.0L10A [a] | Windows | F3FMihs | TP29823 |
Interstage Apworks Standard Edition V6.0L10A [a] | Windows | F3FMihs | TP29823 |
Interstage Apworks Modelers-J Edition V6.0L10A [a] | Windows | F3FMihs | TP29823 |
Interstage Apworks Enterprise Edition V6.0L10B [a] | Windows | F3FMihs | TP29823 |
Interstage Apworks Enterprise Edition V7.0L10 [a] | Windows | F3FMihs | TP39823 |
Interstage Apworks Standard Edition V7.0L10 [a] | Windows | F3FMihs | TP39823 |
Interstage Apworks Modelers-J Edition V7.0L10 [a] | Windows | F3FMihs | TP39823 |
Interstage Apworks Enterprise Edition 8.0.0 [a] | Windows | F3FMihs | T000106WP-04 |
Interstage Apworks Standard-J Edition 8.0.1 [a] | Windows | F3FMihs | T000106WP-04 |
Interstage Apworks Enterprise Edition 8.1.0 [a] | Windows | F3FMihs | T000106WP-04 |
製品名 | 対象OS | パッケージ名 | Patch ID |
---|---|---|---|
Interstage Studio Enterprise Edition V9.0.0 [b] | Windows | F3FMihs | T001001WP-02 |
Interstage Studio Standard-J Edition V9.0.0 [b] | Windows | F3FMihs | T001001WP-02 |
Interstage Studio with UML Modeling Tool V9.0.0 [b] | Windows | F3FMihs | T001001WP-02 |
Interstage Studio Enterprise Edition V9.0.0A [b] | Windows | F3FMihs | T001001WP-02 |
Interstage Studio Standard-J Edition V9.0.0A [b] | Windows | F3FMihs | T001001WP-02 |
Interstage Studio Enterprise Edition V9.0.1 [b] | Windows | F3FMihs | T001001WP-02 |
Interstage Studio Standard-J Edition V9.0.1 [b] | Windows | F3FMihs | T001001WP-02 |
製品名 | 対象OS | パッケージ名 | Patch ID |
---|---|---|---|
Interstage Business Application Server Standard Edition 8.0.0 [a] | Windows | F3FMihs | T000106WP-04 |
Interstage Business Application Server Standard Edition 8.0.1 [a] | Windows | F3FMihs | T000106WP-04 |
Interstage Business Application Server Enterprise Edition 7.0 [c] | Solaris | FJSVihs | T013RS-06 |
Interstage Business Application Server Enterprise Edition 7.0.1 [c] | Solaris | FJSVihs | T013RS-06 |
Interstage Business Application Server Enterprise Edition 8.0.0 [c] | Solaris | FJSVihs | T000180SP-04 |
Interstage Business Application Server Standard Edition 8.0.0 [c] | Solaris | FJSVihs | T000180SP-04 |
Interstage Business Application Server Enterprise Edition 8.0.1 [c] | Solaris | FJSVihs | T000180SP-04 |
Interstage Business Application Server Standard Edition 8.0.0 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T000181LP-03 |
Interstage Business Application Server Enterprise Edition 8.0.0 [c] | RHEL-AS4(IPF) | FJSVihs | T000179QP-03 |
Interstage Business Application Server Standard Edition 8.0.0 [c] | RHEL-AS4(IPF) | FJSVihs | T000179QP-03 |
Interstage Business Application Server Enterprise Edition 8.0.1 [c] | RHEL-AS4(IPF) | FJSVihs | T000179QP-03 |
Interstage Business Application Server Standard Edition 8.0.1 [c] | RHEL-AS4(IPF) | FJSVihs | T000179QP-03 |
製品名 | 対象OS | パッケージ名 | Patch ID |
---|---|---|---|
Interstage Job Workload Server 8.1.1 [c] | Solaris | FJSVihs | T000180SP-04 |
Interstage Job Workload Server 8.0.0 [c] | RHEL-AS4(IPF) | FJSVihs | T000179QP-03 |
Interstage Job Workload Server 8.0.1 [c] | RHEL-AS4(IPF) | FJSVihs | T000179QP-03 |
Interstage Job Workload Server 8.1.0 [c] | RHEL-AS4(IPF) | FJSVihs | T000179QP-03 |
Interstage Job Workload Server 8.1.1 [c] | RHEL-AS4(IPF) | FJSVihs | T000179QP-03 |
製品名 | 対象OS | パッケージ名 | Patch ID |
---|---|---|---|
Systemwalker Resource Coordinator 12.1 [c] | Solaris | FJSVihs | T013RS-06 |
Systemwalker Resource Coordinator 12.2 [c] | Solaris | FJSVihs | T023AS-05 |
Systemwalker Resource Coordinator V12.0L20 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00603-05 |
Systemwalker Resource Coordinator V12.0L30 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | T00603-05 |
参考: 該当製品の確認方法
製品のバージョンを確認するには、製品に添付の「ソフトウェア説明書」を参照してください。
3-3. 回避方法
環境定義ファイル(httpd.conf)において、下記ディレクティブを削除するか、または 先頭にハッシュマーク(#)を追加してコメント行にすることで、サーバステータス監視 機能を無効にしてください。定義編集後はWebサーバを再起動してください。
- 製品[a]の場合
#LoadModule status_module modules/mod_status.so
#AddModule mod_status.c
#ExtendedStatus On
#<Location /server-status>
# SetHandler server-status
# ・
# ・
# ・
#</Location> - 製品[b]の場合
#LoadModule status_module "C:/Interstage/F3FMihs/modules/mod_status.so"
#ExtendedStatus On
#<Location /server-status>
# SetHandler server-status
# ・
# ・
# ・
#</Location> - 製品[c]の場合
#LoadModule status_module libexec/mod_status.so
#AddModule mod_status.c
#ExtendedStatus On
#<Location /server-status>
# SetHandler server-status
# ・
# ・
# ・
#</Location> - 製品[d]の場合
#LoadModule status_module "/opt/FJSVihs/modules/mod_status.so"
#ExtendedStatus On
#<Location /server-status>
# SetHandler server-status
# ・
# ・
# ・
#</Location>
4. 関連情報
- CVE-2007-6388
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
5. 改版履歴
- 2008年12月17日 新規掲載