GTM-MQNC2Z4
Skip to main content
  1. Home >
  2. Support >
  3. Products >
  4. Software >
  5. Security >
  6. Fujitsu Patch & TA Information >
  7. This page provides Security Information.

Cross site scripting (XSS) and denial of service (DoS) vulnerabilities in Interstage HTTP Server. December 25th, 2008


Notes on using this web page

1. Background and Detected problem(s)

The following security vulnerabilities have been detected in the Interstage HTTP Server, which is provided by Interstage Application Server, Interstage Apworks, Interstage Studio, Interstage Business Application Server, and Interstage Job Workload Server.

  1. Cross site scripting (XSS) in the server status monitoring functionality
    This problem is applicable to CVE-2006-5752.
  2. Denial of service (DoS) in cache functionality
    This problem is applicable to CVE-2007-1863.
  3. Denial of service (DoS) in sending the specified process signals
    This problem is applicable to CVE-2007-3304.
  4. Denial of service (DoS) in proxy functionality
    This problem is applicable to CVE-2007-3847.
  5. Denial of service (DoS) in receiving particular requests
    This problem may occur in the following types of products:
    space
    1. Windows products in which the following urgent corrections have been applied.
      - TP08940
      - TP38940
    2. The following Windows(IPF) product is applicable:
      - Interstage Application Server Enterprise Edition 8.0.0 for Windows
  6. Denial of service (DoS) in the operation using SSL
    This problem may occur in the following types of products:
    space
    • Solaris products in which the following urgent corrections have been applied.
      - T023AS-03

Fujitsu provides security patches shown in 3.
Please apply them as soon as possible.

2. Method to temporarily avoid the problem

None.

3. Corresponding system and Patch information

Corresponding system: GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, AT-compatible machine, PRIMEQUEST, SPARC Enterprise

Note) The effect of each vulnerability differs for each product. Please refer to the symbol in brackets following the product name and the following categories.

[a]: The effect of CVE-2006-5752
[b]: The effect of CVE-2007-1863
[c]: The effect of CVE-2007-3304
[d]: The effect of CVE-2007-3847
[e]: The effect of DoS problems in receiving particular requests
[f]: The effect of DoS problems in the operation using SSL

Interstage Application Server
ProductsTarget OSPackage namePatch ID.
Interstage Application Server Enterprise Edition V5.0 for Windows [a,d,e]WindowsF3FMihsTP09823*
Interstage Application Server Standard Edition V5.0 for Windows [a,d,e]WindowsF3FMihsTP09823*
Interstage Application Server Web-J Edition V5.0 for Windows [a,d,e]WindowsF3FMihsTP09823*
Interstage Application Server Plus V5.0.1 for Windows [a,d]WindowsF3FMihs*
Interstage Application Server Plus Developer V5.0.1 for Windows [a,d]WindowsF3FMihs*
Interstage Application Server Enterprise Edition V6.0 for Windows [a,d]WindowsF3FMihs*
Interstage Application Server Plus V6.0 for Windows [a,d]WindowsF3FMihs*
Interstage Application Server Plus Developer V6.0 for Windows [a,d]WindowsF3FMihs*
Interstage Application Server Enterprise Edition V7.0 for Windows [a,d,e]WindowsF3FMihsTP39823*
Interstage Application Server Plus V7.0 for Windows [a,d,e]WindowsF3FMihsTP39823*
Interstage Application Server Plus Developer V7.0 for Windows [a,d,e]WindowsF3FMihsTP39823*
Interstage Application Server Enterprise Edition V7.0.1 for Windows [a,d,e]WindowsF3FMihsTP39823*
Interstage Application Server Plus V7.0.1 for Windows [a,d,e]WindowsF3FMihsTP39823*
Interstage Application Server Enterprise Edition 8.0.0 for Windows [a,d]WindowsF3FMihs*
Interstage Application Server Standard-J Edition 8.0.0 for Windows [a,d]WindowsF3FMihs*
Interstage Application Server Enterprise Edition 8.0.1 for Windows [a,d]WindowsF3FMihs*
Interstage Application Server Standard-J Edition 8.0.1 for Windows [a,d]WindowsF3FMihs*
Interstage Application Server Enterprise Edition 8.0.2 for Windows [a,d]WindowsF3FMihs*
Interstage Application Server Standard-J Edition 8.0.2 for Windows [a,d]WindowsF3FMihs*
Interstage Application Server Enterprise Edition V9.0.0 for Windows [a,b,d]WindowsF3FMihs*
Interstage Application Server Standard-J Edition V9.0.0 for Windows [a,b,d]WindowsF3FMihs*
Interstage Application Server Enterprise Edition V9.0.0A for Windows [a,b,d]WindowsF3FMihs*
Interstage Application Server Standard-J Edition V9.0.0A for Windows [a,b,d]WindowsF3FMihs*
Interstage Application Server Enterprise Edition 5.0 [a,c,d]SolarisFJSVihs912327-11*
Interstage Application Server Standard Edition 5.0 [a,c,d]SolarisFJSVihs912327-11*
Interstage Application Server Web-J Edition 5.0 [a,c,d]SolarisFJSVihs912327-11*
Interstage Application Server Enterprise Edition 5.0.1 [a,c,d]SolarisFJSVihs*
Interstage Application Server Enterprise Edition 6.0 [a,c,d]SolarisFJSVihsT0103S-07*
Interstage Application Server Enterprise Edition 7.0 [a,c,d]SolarisFJSVihsT013RS-06*
Interstage Application Server Plus 7.0 [a,c,d]SolarisFJSVihsT013RS-06*
Interstage Application Server Enterprise Edition 7.0.1 [a,c,d,f]SolarisFJSVihsT023AS-05*
Interstage Application Server Plus 7.0.1 [a,c,d,f]SolarisFJSVihsT023AS-05*
Interstage Application Server Enterprise Edition 8.0.0 [a,c,d]SolarisFJSVihs*
Interstage Application Server Standard-J Edition 8.0.0 [a,c,d]SolarisFJSVihs*
Interstage Application Server Enterprise Edition 8.0.2 [a,c,d]SolarisFJSVihs*
Interstage Application Server Standard-J Edition 8.0.2 [a,c,d]SolarisFJSVihs*
Interstage Application Server Enterprise Edition V9.0.0 [a,b,c]SolarisFJSVihs*
Interstage Application Server Standard-J Edition V9.0.0 [a,b,c]SolarisFJSVihs*
Interstage Application Server Enterprise Edition V5.0 [a,c,d]Turbolinux 7 ServerFJSVihsT00019-10*
Interstage Application Server Standard Edition V5.0 [a,c,d]Turbolinux 7 ServerFJSVihsT00019-10*
Interstage Application Server Web-J Edition V5.0 [a,c,d]Turbolinux 7 ServerFJSVihsT00019-10*
Interstage Application Server Enterprise Edition V6.0 [a,c,d]RHEL-AS3(x86)/ ES3(x86)FJSVihs*
Interstage Application Server Enterprise Edition V7.0 [a,c,d]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00603-05*
Interstage Application Server Plus V7.0 [a,c,d]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00603-05*
Interstage Application Server Enterprise Edition V7.0.1 [a,c,d]RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVihsT00603-05*
Interstage Application Server Plus V7.0.1 [a,c,d]RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVihsT00603-05*
Interstage Application Server Enterprise Edition 8.0.0 [a,c,d]RHEL-AS4(x86)/ AS4(EM64T)FJSVihs*
Interstage Application Server Standard-J Edition 8.0.0 [a,c,d]RHEL-AS4(x86)/ AS4(EM64T)FJSVihs*
Interstage Application Server Enterprise Edition 8.0.2 [a,c,d]RHEL-AS4(x86)/ AS4(EM64T)FJSVihs*
Interstage Application Server Standard-J Edition 8.0.2 [a,c,d]RHEL-AS4(x86)/ AS4(EM64T)FJSVihs*
Interstage Application Server Enterprise Edition V9.0.0 [a,b,c]RHEL-AS4(x86)/ AS4(EM64T)FJSVihs*
Interstage Application Server Enterprise Edition V9.0.0 [a,b,c]RHEL5(x86)/ RHEL5(Intel64)FJSVihs*
Interstage Application Server Standard-J Edition V9.0.0 [a,b,c]RHEL-AS4(x86)/ AS4(EM64T)FJSVihs*
Interstage Application Server Standard-J Edition V9.0.0 [a,b,c]RHEL5(x86)/ RHEL5(Intel64)FJSVihs*
Interstage Application Server Enterprise Edition V7.0 [a,c,d]RHEL-AS4(IPF)FJSVihs*
Interstage Application Server Enterprise Edition 8.0.0 [a,c,d]RHEL-AS4(IPF)FJSVihs*
Interstage Application Server Enterprise Edition 8.0.1 [a,c,d]RHEL-AS4(IPF)FJSVihs*
Interstage Application Server Enterprise Edition 8.0.2 [a,c,d]RHEL-AS4(IPF)FJSVihs*
Interstage Application Server Enterprise Edition V9.0.0 [a,b,c]RHEL-AS4(IPF)FJSVihs*
Interstage Application Server Enterprise Edition V9.0.0 [a,b,c]RHEL5(IPF)FJSVihs*
Interstage Application Server Standard-J Edition V9.0.0 [a,b,c]RHEL-AS4(IPF)FJSVihs*
Interstage Application Server Standard-J Edition V9.0.0 [a,b,c]RHEL5(IPF)FJSVihs*
Interstage Application Server Enterprise Edition 8.0.0 for Windows [a,d,e]Windows(IPF)F3FMihs*
Interstage Application Server Enterprise Edition V9.0.0 for Windows [a,b,d]Windows(IPF)F3FMihs*
Interstage Application Server Standard-J Edition V9.0.0 for Windows [a,b,d]Windows(IPF)F3FMihs*
Interstage Apworks
ProductsTarget OSPackage namePatch ID.
Interstage Apworks Modelers-J Edition V6.0 for Windows [a,d]WindowsF3FMihs*
Interstage Apworks Modelers-J Edition V6.0A for Windows [a,d]WindowsF3FMihs*
Interstage Apworks Modelers-J Edition V7.0 for Windows [a,d,e]WindowsF3FMihsTP39823*
Interstage Apworks Enterprise Edition 8.0.0 for Windows [a,d]WindowsF3FMihs*
Interstage Apworks Standard-J Edition 8.0.0 for Windows [a,d]WindowsF3FMihs*
Interstage Studio
ProductsTarget OSPackage namePatch ID.
Interstage Studio Enterprise Edition 8.0.1 for Windows [a,d]WindowsF3FMihs*
Interstage Studio Standard-J Edition 8.0.1 for Windows [a,d]WindowsF3FMihs*
Interstage Studio Enterprise Edition V9.0.0 for Windows [a,b,d]WindowsF3FMihs*
Interstage Studio Standard-J Edition V9.0.0 for Windows [a,b,d]WindowsF3FMihs*
Interstage Business Application Server
ProductsTarget OSPackage namePatch ID.
Interstage Business Application Server Enterprise Edition 8.0.0 [a,c,d]RHEL-AS4(IPF)FJSVihs*
Interstage Job Workload Server
ProductsTarget OSPackage namePatch ID.
Interstage Job Workload Server 8.1.0 [a,c,d]RHEL-AS4(IPF)FJSVihs*


* For the Patches without ID nor link, please contact a Fujitsu system engineer or your partner(s).

4. Revision history

  • December 25th, 2008: 3rd edition:
    space
    • deleted "FMV series" of "Corresponding system"
    • The following products have been added to "3. Corresponding system and Patch information":
        Interstage Application Server Standard-J Edition V9.0.0 for Windows Windows(IPF)
    • Products which corresponded to [c], and [d] of "3. Corresponding system and Patch information" were changed.
    • "Patch ID" of "3. Corresponding system and Patch information" were changed.
      The table below maps the 2nd edition and the 3rd edition.
2nd edition3rd edition
Patch IDfixed problemPatch IDfixed problem
TP09615a, eTP09823a, d, e
TP39615a, eTP39823a, d, e
912327-10a912327-11a, c, d
T0103S-06aT0103S-07a, c, d
T013RS-05aT013RS-06a, c, d
T023AS-04a, fT023AS-05a, c, d, f
T00019-09aT00019-10a, c, d
T00603-04aT00603-05a, c, d
  • January 24th, 2008: 2nd edition:
    Products which corresponded to [b], [c], and [d] of "3. Corresponding system and Patch information" were corrected.
  • January 22nd, 2008: Initial release

Services & Products

Corporate Information

Country Selector

Global

Change

World Map