Interstage HTTP Server: Cross-site Scripting Problem (CVE-2007-4465 / CVE-2007-6203). July 27th, 2010
1. Description
- Problem 1)
A cross-site scripting vulnerability has been confirmed in the Interstage HTTP Server automatic directory list generation function.
This issue is described in CVE-2007-4465.
Fujitsu provides the workaround shown in 3-3.
Please apply it as soon as possible.
- Problem 2)
A cross-site scripting vulnerability has been confirmed in the Interstage HTTP Server status code 413 response processing.
This issue is described in CVE-2007-6203.
Fujitsu provides the security patches shown in 3-2.
Please apply the patch as soon as possible.
For products without a patch, apply the workaround shown in 3-3.
2. Impact
Attackers can insert malicious scripts that, for example, take over a victim's account, change user settings, misuse or falsify cookies, or display illegal advertisements.
3. Affected systems and corresponding action
3-1. Affected systems:
GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, AT-compatible machine, PRIMEQUEST, SPARC Enterprise
3-2. Affected products and required patch
Note: The values to be set in "3-3. Workaround" below depend on the product. The symbol in square brackets after the product name indicates which set of "Workaround" settings applies.
Products | Target OS | Package name | Patch ID. |
---|---|---|---|
Interstage Application Server Enterprise Edition V5.0 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Standard Edition V5.0 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Web-J Edition V5.0 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Plus V5.0.1 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Plus Developer V5.0.1 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Enterprise Edition V6.0 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Plus V6.0 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Plus Developer V6.0 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Enterprise Edition V7.0 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Plus V7.0 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Plus Developer V7.0 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Enterprise Edition V7.0.1 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Plus V7.0.1 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Enterprise Edition 8.0.0 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Standard-J Edition 8.0.0 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Enterprise Edition 8.0.1 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Standard-J Edition 8.0.1 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Enterprise Edition 8.0.2 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Standard-J Edition 8.0.2 for Windows [a] | Windows | F3FMihs | None* |
Interstage Application Server Enterprise Edition V9.0.0 for Windows [b] | Windows | F3FMihs | T001001WP-04(note) |
Interstage Application Server Standard-J Edition V9.0.0 for Windows [b] | Windows | F3FMihs | T001001WP-04(note) |
Interstage Application Server Enterprise Edition V9.0.0A for Windows [b] | Windows | F3FMihs | T001001WP-04(note) |
Interstage Application Server Standard-J Edition V9.0.0A for Windows [b] | Windows | F3FMihs | T001001WP-04(note) |
Interstage Application Server Standard-J Edition V9.0.0B for Windows [b] | Windows | F3FMihs | T001001WP-04(note) |
Interstage Application Server Enterprise Edition V9.1.0 for Windows [b] | Windows | F3FMihs | T002174WP-02(note) |
Interstage Application Server Standard-J Edition V9.1.0 for Windows [b] | Windows | F3FMihs | T002174WP-02(note) |
Interstage Application Server Enterprise Edition V9.1.0B for Windows [b] | Windows | F3FMihs | T002174WP-02(note) |
Interstage Application Server Standard-J Edition V9.1.0B for Windows [b] | Windows | F3FMihs | T002174WP-02(note) |
Interstage Application Server Enterprise Edition V9.2.0 for Windows [b] | Windows | F3FMihs | T004344WP-01(note) |
Interstage Application Server Standard-J Edition V9.2.0 for Windows [b] | Windows | F3FMihs | T004344WP-01(note) |
Interstage Application Server Enterprise Edition 8.0.0 for Windows [a] | Windows(IPF) | F3FMihs | None* |
Interstage Application Server Enterprise Edition V9.0.0 for Windows [b] | Windows(IPF) | F3FMihs | T001005IP-03(note) |
Interstage Application Server Standard-J Edition V9.0.0 for Windows [b] | Windows(IPF) | F3FMihs | T001005IP-03(note) |
Interstage Application Server Enterprise Edition V9.1.0 for Windows [b] | Windows(IPF) | F3FMihs | T002175IP-02(note) |
Interstage Application Server Standard-J Edition V9.1.0 for Windows [b] | Windows(IPF) | F3FMihs | T002175IP-02(note) |
Interstage Application Server Enterprise Edition V9.2.0 for Windows [b] | Windows(IPF) | F3FMihs | T004345IP-01(note) |
Interstage Application Server Standard-J Edition V9.2.0 for Windows [b] | Windows(IPF) | F3FMihs | T004345IP-01(note) |
Interstage Application Server Enterprise Edition V9.2.0 for Windows [b] | Windows(EM64T) | F3FMihs | T004346XP-01(note) |
Interstage Application Server Standard-J Edition V9.2.0 for Windows [b] | Windows(EM64T) | F3FMihs | T004346XP-01(note) |
Interstage Application Server Enterprise Edition 5.0 [a] | Solaris | FJSVihs | None* |
Interstage Application Server Standard Edition 5.0 [a] | Solaris | FJSVihs | None* |
Interstage Application Server Web-J Edition 5.0 [a] | Solaris | FJSVihs | None* |
Interstage Application Server Enterprise Edition 5.0.1 [a] | Solaris | FJSVihs | None* |
Interstage Application Server Enterprise Edition 6.0 [a] | Solaris | FJSVihs | None* |
Interstage Application Server Enterprise Edition 7.0 [a] | Solaris | FJSVihs | None* |
Interstage Application Server Plus 7.0 [a] | Solaris | FJSVihs | None* |
Interstage Application Server Enterprise Edition 7.0.1 [a] | Solaris | FJSVihs | None* |
Interstage Application Server Plus 7.0.1 [a] | Solaris | FJSVihs | None* |
Interstage Application Server Enterprise Edition 8.0.0 [a] | Solaris | FJSVihs | None* |
Interstage Application Server Standard-J Edition 8.0.0 [a] | Solaris | FJSVihs | None* |
Interstage Application Server Enterprise Edition 8.0.2 [a] | Solaris | FJSVihs | None* |
Interstage Application Server Standard-J Edition 8.0.2 [a] | Solaris | FJSVihs | None* |
Interstage Application Server Enterprise Edition V9.0.0 [b] | Solaris | FJSVihs | T001004SP-05(note) |
Interstage Application Server Standard-J Edition V9.0.0 [b] | Solaris | FJSVihs | T001004SP-05(note) |
Interstage Application Server Enterprise Edition V9.0.0B [b] | Solaris | FJSVihs | T001004SP-05(note) |
Interstage Application Server Enterprise Edition V9.1.0 [b] | Solaris | FJSVihs | T002180SP-03(note) |
Interstage Application Server Standard-J Edition V9.1.0 [b] | Solaris | FJSVihs | T002180SP-03(note) |
Interstage Application Server Enterprise Edition V9.1.0B [b] | Solaris | FJSVihs | T002180SP-03(note) |
Interstage Application Server Standard-J Edition V9.1.0B [b] | Solaris | FJSVihs | T002180SP-03(note) |
Interstage Application Server Enterprise Edition V9.2.0 [b] | Solaris | FJSVihs | T004343SP-01(note) |
Interstage Application Server Standard-J Edition V9.2.0 [b] | Solaris | FJSVihs | T004343SP-01(note) |
Interstage Application Server Enterprise Edition V5.0 [a] | Turbolinux 7 Server | FJSVihs | None* |
Interstage Application Server Standard Edition V5.0 [a] | Turbolinux 7 Server | FJSVihs | None* |
Interstage Application Server Web-J Edition V5.0 [a] | Turbolinux 7 Server | FJSVihs | None* |
Interstage Application Server Enterprise Edition V6.0 [a] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | None* |
Interstage Application Server Enterprise Edition V7.0 [a] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | None* |
Interstage Application Server Plus V7.0 [a] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | None* |
Interstage Application Server Enterprise Edition V7.0.1 [a] | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | None* |
Interstage Application Server Plus V7.0.1 [a] | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | None* |
Interstage Application Server Enterprise Edition 8.0.0 [a] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | None* |
Interstage Application Server Standard-J Edition 8.0.0 [a] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | None* |
Interstage Application Server Enterprise Edition 8.0.2 [a] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | None* |
Interstage Application Server Standard-J Edition 8.0.2 [a] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | None* |
Interstage Application Server Enterprise Edition V9.0.0 [b] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-03(note) |
Interstage Application Server Enterprise Edition V9.0.0 [b] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-03(note) |
Interstage Application Server Standard-J Edition V9.0.0 [b] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-03(note) |
Interstage Application Server Standard-J Edition V9.0.0 [b] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-03(note) |
Interstage Application Server Enterprise Edition V9.1.0 [b] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-02(note) |
Interstage Application Server Enterprise Edition V9.1.0 [b] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-02(note) |
Interstage Application Server Standard-J Edition V9.1.0 [b] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-02(note) |
Interstage Application Server Standard-J Edition V9.1.0 [b] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-02(note) |
Interstage Application Server Enterprise Edition V9.1.0B [b] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-02(note) |
Interstage Application Server Enterprise Edition V9.1.0B [b] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-02(note) |
Interstage Application Server Standard-J Edition V9.1.0B [b] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-02(note) |
Interstage Application Server Standard-J Edition V9.1.0B [b] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-02(note) |
Interstage Application Server Enterprise Edition V9.2.0 [b] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T004338LP-01(note) |
Interstage Application Server Enterprise Edition V9.2.0 [b] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T004339LP-01(note) |
Interstage Application Server Standard-J Edition V9.2.0 [b] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T004338LP-01(note) |
Interstage Application Server Standard-J Edition V9.2.0 [b] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T004339LP-01(note) |
Interstage Application Server Enterprise Edition V7.0 [a] | RHEL-AS4(IPF) | FJSVihs | None* |
Interstage Application Server Enterprise Edition 8.0.0 [a] | RHEL-AS4(IPF) | FJSVihs | None* |
Interstage Application Server Enterprise Edition 8.0.1 [a] | RHEL-AS4(IPF) | FJSVihs | None* |
Interstage Application Server Enterprise Edition 8.0.2 [a] | RHEL-AS4(IPF) | FJSVihs | None* |
Interstage Application Server Enterprise Edition V9.0.0 [b] | RHEL-AS4(IPF) | FJSVihs | T001002QP-03(note) |
Interstage Application Server Enterprise Edition V9.0.0 [b] | RHEL5(IPF) | FJSVihs | T001043QP-03(note) |
Interstage Application Server Standard-J Edition V9.0.0 [b] | RHEL-AS4(IPF) | FJSVihs | T001002QP-03(note) |
Interstage Application Server Standard-J Edition V9.0.0 [b] | RHEL5(IPF) | FJSVihs | T001043QP-03(note) |
Interstage Application Server Enterprise Edition V9.0.0A [b] | RHEL-AS4(IPF) | FJSVihs | T001002QP-03(note) |
Interstage Application Server Enterprise Edition V9.0.0A [b] | RHEL5(IPF) | FJSVihs | T001043QP-03(note) |
Interstage Application Server Enterprise Edition V9.1.0 [b] | RHEL-AS4(IPF) | FJSVihs | T002178QP-02(note) |
Interstage Application Server Enterprise Edition V9.1.0 [b] | RHEL5(IPF) | FJSVihs | T002179QP-02(note) |
Interstage Application Server Standard-J Edition V9.1.0 [b] | RHEL-AS4(IPF) | FJSVihs | T002178QP-02(note) |
Interstage Application Server Standard-J Edition V9.1.0 [b] | RHEL5(IPF) | FJSVihs | T002179QP-02(note) |
Interstage Application Server Enterprise Edition V9.2.0 [b] | RHEL-AS4(IPF) | FJSVihs | T004340QP-01(note) |
Interstage Application Server Enterprise Edition V9.2.0 [b] | RHEL5(IPF) | FJSVihs | T004341QP-01(note) |
Interstage Application Server Standard-J Edition V9.2.0 [b] | RHEL-AS4(IPF) | FJSVihs | T004340QP-01(note) |
Interstage Application Server Standard-J Edition V9.2.0 [b] | RHEL5(IPF) | FJSVihs | T004341QP-01(note) |
Interstage Application Server Enterprise Edition V9.2.0 [b] | RHEL5(Intel64) | FJSVihs | T004342LP-01(note) |
Interstage Application Server Standard-J Edition V9.2.0 [b] | RHEL5(Intel64) | FJSVihs | T004342LP-01(note) |
Products | Target OS | Package name | Patch ID. |
---|---|---|---|
Interstage Studio Enterprise Edition 8.0.1 for Windows [a] | Windows | F3FMihs | None* |
Interstage Studio Standard-J Edition 8.0.1 for Windows [a] | Windows | F3FMihs | None* |
Interstage Studio Enterprise Edition V9.0.0 for Windows [b] | Windows | F3FMihs | T001001WP-04(note) |
Interstage Studio Standard-J Edition V9.0.0 for Windows [b] | Windows | F3FMihs | T001001WP-04(note) |
Interstage Studio Enterprise Edition V9.1.0 for Windows [b] | Windows | F3FMihs | T002174WP-02(note) |
Interstage Studio Standard-J Edition V9.1.0 for Windows [b] | Windows | F3FMihs | T002174WP-02(note) |
Interstage Studio Enterprise Edition V9.1.0B for Windows [b] | Windows | F3FMihs | T002174WP-02(note) |
Interstage Studio Standard-J Edition V9.1.0B for Windows [b] | Windows | F3FMihs | T002174WP-02(note) |
Interstage Studio Enterprise Edition V9.2.0 for Windows [b] | Windows | F3FMihs | T004344WP-01(note) |
Interstage Studio Standard-J Edition V9.2.0 for Windows [b] | Windows | F3FMihs | T004344WP-01(note) |
Products | Target OS | Package name | Patch ID. |
---|---|---|---|
Interstage Business Application Server Enterprise Edition 8.0.0 [a] | RHEL-AS4(IPF) | FJSVihs | None* |
Products | Target OS | Package name | Patch ID. |
---|---|---|---|
Interstage Job Workload Server 8.1.0 [a] | RHEL-AS4(IPF) | FJSVihs | None* |
* This vulnerability can be avoided by applying the workaround in "3-3. Workaround" below.
(note) These patches address only "Problem 2" in "1. Description". For "Problem 1", apply the workaround shown in "3-3. Workaround".
Note: Determining the affected product
To check the software version, refer to the "FUJITSU SOFTWARE RELEASE GUIDE" supplied with the product.
3-3. Workaround
- Problem 1)
To avoid the problem, edit the environment definition file (httpd.conf) in one of the following ways. After the file is edited, Interstage HTTP Server must be restarted.
- 1-1)
If "Indexes" has been set in the Options directive, delete "Indexes"; this disables the automatic directory list generation function.
- 1-2)
Avoid the problem by setting the content character set explicitly.
Example:
If the content type is text/plain or text/html and the character set of the content is UTF-8, set utf-8 in the AddDefaultCharset directive.
Specification example: AddDefaultCharset utf-8
Note:
In environments in which content with different character sets is mixed, characters may be garbled. In this case, avoid the problem by following the procedure in 1-1).
- Problem 2)
Avoid the problem by editing the environment definition file (httpd.conf) as follows so that the error message for status code 413 is a text message. After editing the file, Interstage HTTP Server must be restarted.
- For [a] products:
Specify the text message after a double quotation mark (").
Specification example: ErrorDocument 413 "413 Request Entity Too Large
- For [b] products:
Enclose the text message in double quotation marks (").
Specification example: ErrorDocument 413 "413 Request Entity Too Large"
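The following script checks an httpd.conf for the Problem 1 and Problem 2 workarounds above (Indexes removed or AddDefaultCharset set; ErrorDocument 413 given as a quoted text message in either the [a] or the [b] form). It is an added example, not Fujitsu's tooling; the sample configuration, the /opt/FJSVihs paths and the finding texts are constructed for illustration.

```python
"""Audit an httpd.conf fragment for the Problem 1 / Problem 2 workarounds.

Added example, not Fujitsu's tooling. It is a conservative whole-file check:
it does not model Apache's per-<Directory> merging of Options, so any
'Indexes' that is not negated with '-Indexes' is treated as enabled.
"""

# Constructed sample fragment (not a real server's configuration): fails both checks.
SAMPLE_CONF = """\
ServerRoot "/opt/FJSVihs"
<Directory "/opt/FJSVihs/htdocs">
    Options Indexes FollowSymLinks
</Directory>
ErrorDocument 413 /errors/413.html
"""

# Same fragment with workaround 1-1 (Indexes deleted) and the [b]-style 413 text message.
FIXED_CONF = SAMPLE_CONF.replace(
    "Options Indexes FollowSymLinks", "Options FollowSymLinks"
).replace(
    "ErrorDocument 413 /errors/413.html", 'ErrorDocument 413 "413 Request Entity Too Large"'
)

PROBLEM1 = "Problem 1: directory listing enabled (Indexes) without AddDefaultCharset"
PROBLEM2 = "Problem 2: ErrorDocument 413 is not a quoted text message"


def _directives(conf):
    """Yield (lower-case name, argument string) per directive line; skip comments and <tags>."""
    for raw in conf.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            name, _, args = line.partition(" ")
            yield name.lower(), args.strip()


def audit(conf):
    """Return the findings for an httpd.conf text; [] means both workarounds are in place."""
    indexes_on, charset_set, err413 = False, False, None
    for name, args in _directives(conf):
        if name == "options":
            for tok in args.split():
                if tok.lower() in ("indexes", "+indexes"):
                    indexes_on = True
                elif tok.lower() == "-indexes":
                    indexes_on = False
        elif name == "adddefaultcharset":
            # 'Off' disables the header; a charset name (or 'On') counts as explicitly set.
            charset_set = args.lower() not in ("", "off")
        elif name == "errordocument":
            code, _, target = args.partition(" ")
            if code == "413":
                err413 = target.strip()
    findings = []
    if indexes_on and not charset_set:
        findings.append(PROBLEM1)
    # Both the [a] form (leading quote only) and the [b] form (fully quoted) start with '"'.
    if err413 is None or not err413.startswith('"'):
        findings.append(PROBLEM2)
    return findings
```

Run `audit()` on the text of each httpd.conf; an empty list means the file carries both workarounds.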
4. Related information
- CVE-2007-4465
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that this issue is due to a design limitation of browsers that attempt to perform automatic content type detection.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
- CVE-2007-6203
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6203
5. Revision history
- July 27th, 2010: 2nd edition
- The counter-action method in "1. Description" has been changed.
- Some patch ids have been added to "3-2. Affected products and required patch".
- The following products have been added to "3-2. Affected products and required patch":
Interstage Application Server Standard-J Edition V9.0.0 Windows(IPF)
Interstage Application Server Enterprise Edition V9.0.0A RHEL-AS4(IPF)
Interstage Application Server Enterprise Edition V9.0.0A RHEL5(IPF)
Interstage Application Server Enterprise Edition V9.0.0B
Interstage Application Server Standard-J Edition V9.0.0B
Interstage Application Server Enterprise Edition V9.1.0B
Interstage Application Server Standard-J Edition V9.1.0B
Interstage Application Server Enterprise Edition V9.2.0
Interstage Application Server Standard-J Edition V9.2.0
- December 15th, 2008: Initial release