Three Security Vulnerabilities in Interstage HTTP Server (CVE-2008-2364/ CVE-2010-0425/ CVE-2010-0434). July 26th, 2010



1. Description

Interstage Application Server, Interstage Studio and Interstage Web Server contain the security vulnerabilities below.

  1. A Denial of Service (DoS) vulnerability has been confirmed in the Interstage HTTP Server proxy function.
    This vulnerability corresponds to CVE-2008-2364.
  2. Denial of Service (DoS) and arbitrary code execution vulnerabilities have been confirmed in the Interstage HTTP Server ISAPI function.
    These vulnerabilities correspond to CVE-2010-0425.
  3. An information disclosure vulnerability has been confirmed in Interstage HTTP Server response processing.
    This vulnerability corresponds to CVE-2010-0434.

Fujitsu provides the security patches shown in section 3.
Please apply them as soon as possible.

2. Impact

  1. A Denial of Service (DoS) may occur when a third-party origin server behind the proxy returns a large number of interim responses.
  2. A Denial of Service (DoS) or arbitrary code execution may occur on the Web server when a crafted request is sent by a remote attacker.
  3. When a crafted request is sent by a remote attacker, information belonging to other requests may be disclosed.

3. Affected systems and corresponding action

3-1. Affected systems:

GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, AT-compatible machine, PRIMEQUEST, SPARC Enterprise

3-2. Affected products and required patch

Note: Which vulnerabilities apply depends on the product. Refer to the letter(s) in square brackets at the end of each product name (shown below).

  • [a]: CVE-2008-2364
  • [b]: CVE-2010-0425
  • [c]: CVE-2010-0434
Interstage Application Server

Products | Target OS | Package name | Patch ID
Interstage Application Server Enterprise Edition V9.0.0 for Linux [a] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-03
Interstage Application Server Standard-J Edition V9.0.0 for Linux [a] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-03
Interstage Application Server Enterprise Edition V9.1.0 for Linux [a] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-02
Interstage Application Server Standard-J Edition V9.1.0 for Linux [a] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-02
Interstage Application Server Enterprise Edition V9.1.0B for Linux [a] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-02
Interstage Application Server Standard-J Edition V9.1.0B for Linux [a] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-02
Interstage Application Server Enterprise Edition V9.2.0 for Linux [a] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T004338LP-01
Interstage Application Server Standard-J Edition V9.2.0 for Linux [a] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T004338LP-01
Interstage Application Server Enterprise Edition V9.0.0 for Linux [a] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-03
Interstage Application Server Standard-J Edition V9.0.0 for Linux [a] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-03
Interstage Application Server Enterprise Edition V9.1.0 for Linux [a] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-02
Interstage Application Server Standard-J Edition V9.1.0 for Linux [a] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-02
Interstage Application Server Enterprise Edition V9.1.0B for Linux [a] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-02
Interstage Application Server Standard-J Edition V9.1.0B for Linux [a] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-02
Interstage Application Server Enterprise Edition V9.2.0 for Linux [a] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T004339LP-01
Interstage Application Server Standard-J Edition V9.2.0 for Linux [a] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T004339LP-01
Interstage Application Server Enterprise Edition V9.0.0 for Linux [a] | RHEL-AS4(IPF) | FJSVihs | T001002QP-03
Interstage Application Server Standard-J Edition V9.0.0 for Linux [a] | RHEL-AS4(IPF) | FJSVihs | T001002QP-03
Interstage Application Server Enterprise Edition V9.0.0A for Linux [a] | RHEL-AS4(IPF) | FJSVihs | T001002QP-03
Interstage Application Server Enterprise Edition V9.1.0 for Linux [a] | RHEL-AS4(IPF) | FJSVihs | T002178QP-02
Interstage Application Server Standard-J Edition V9.1.0 for Linux [a] | RHEL-AS4(IPF) | FJSVihs | T002178QP-02
Interstage Application Server Enterprise Edition V9.2.0 for Linux [a] | RHEL-AS4(IPF) | FJSVihs | T004340QP-01
Interstage Application Server Standard-J Edition V9.2.0 for Linux [a] | RHEL-AS4(IPF) | FJSVihs | T004340QP-01
Interstage Application Server Enterprise Edition V9.0.0 for Linux [a] | RHEL5(IPF) | FJSVihs | T001043QP-03
Interstage Application Server Standard-J Edition V9.0.0 for Linux [a] | RHEL5(IPF) | FJSVihs | T001043QP-03
Interstage Application Server Enterprise Edition V9.0.0A for Linux [a] | RHEL5(IPF) | FJSVihs | T001043QP-03
Interstage Application Server Enterprise Edition V9.1.0 for Linux [a] | RHEL5(IPF) | FJSVihs | T002179QP-02
Interstage Application Server Standard-J Edition V9.1.0 for Linux [a] | RHEL5(IPF) | FJSVihs | T002179QP-02
Interstage Application Server Enterprise Edition V9.2.0 for Linux [a] | RHEL5(IPF) | FJSVihs | T004341QP-01
Interstage Application Server Standard-J Edition V9.2.0 for Linux [a] | RHEL5(IPF) | FJSVihs | T004341QP-01
Interstage Application Server Enterprise Edition V9.2.0 for Linux [a] | RHEL5(Intel64) | FJSVihs | T004342LP-01
Interstage Application Server Standard-J Edition V9.2.0 for Linux [a] | RHEL5(Intel64) | FJSVihs | T004342LP-01
Interstage Application Server Enterprise Edition V9.0.0 [a] | Solaris | FJSVihs | T001004SP-05
Interstage Application Server Standard-J Edition V9.0.0 [a] | Solaris | FJSVihs | T001004SP-05
Interstage Application Server Enterprise Edition V9.0.0B [a] | Solaris | FJSVihs | T001004SP-05
Interstage Application Server Enterprise Edition V9.1.0 [a] | Solaris | FJSVihs | T002180SP-03
Interstage Application Server Standard-J Edition V9.1.0 [a] | Solaris | FJSVihs | T002180SP-03
Interstage Application Server Enterprise Edition V9.1.0B [a] | Solaris | FJSVihs | T002180SP-03
Interstage Application Server Standard-J Edition V9.1.0B [a] | Solaris | FJSVihs | T002180SP-03
Interstage Application Server Enterprise Edition V9.2.0 [a] | Solaris | FJSVihs | T004343SP-01
Interstage Application Server Standard-J Edition V9.2.0 [a] | Solaris | FJSVihs | T004343SP-01
Interstage Application Server Enterprise Edition V9.0.0 for Windows [a,b,c] | Windows | F3FMihs | T001001WP-04
Interstage Application Server Standard-J Edition V9.0.0 for Windows [a,b,c] | Windows | F3FMihs | T001001WP-04
Interstage Application Server Enterprise Edition V9.0.0A for Windows [a,b,c] | Windows | F3FMihs | T001001WP-04
Interstage Application Server Standard-J Edition V9.0.0A for Windows [a,b,c] | Windows | F3FMihs | T001001WP-04
Interstage Application Server Standard-J Edition V9.0.0B for Windows [a,b,c] | Windows | F3FMihs | T001001WP-04
Interstage Application Server Enterprise Edition V9.1.0 for Windows [a,b,c] | Windows | F3FMihs | T002174WP-02
Interstage Application Server Standard-J Edition V9.1.0 for Windows [a,b,c] | Windows | F3FMihs | T002174WP-02
Interstage Application Server Enterprise Edition V9.1.0B for Windows [a,b,c] | Windows | F3FMihs | T002174WP-02
Interstage Application Server Standard-J Edition V9.1.0B for Windows [a,b,c] | Windows | F3FMihs | T002174WP-02
Interstage Application Server Enterprise Edition V9.2.0 for Windows [a,b,c] | Windows | F3FMihs | T004344WP-01
Interstage Application Server Standard-J Edition V9.2.0 for Windows [a,b,c] | Windows | F3FMihs | T004344WP-01
Interstage Application Server Enterprise Edition V9.0.0 for Windows [a,b,c] | Windows(IPF) | F3FMihs | T001005IP-03
Interstage Application Server Standard-J Edition V9.0.0 for Windows [a,b,c] | Windows(IPF) | F3FMihs | T001005IP-03
Interstage Application Server Enterprise Edition V9.1.0 for Windows [a,b,c] | Windows(IPF) | F3FMihs | T002175IP-02
Interstage Application Server Standard-J Edition V9.1.0 for Windows [a,b,c] | Windows(IPF) | F3FMihs | T002175IP-02
Interstage Application Server Enterprise Edition V9.2.0 for Windows [a,b,c] | Windows(IPF) | F3FMihs | T004345IP-01
Interstage Application Server Standard-J Edition V9.2.0 for Windows [a,b,c] | Windows(IPF) | F3FMihs | T004345IP-01
Interstage Application Server Enterprise Edition V9.2.0 for Windows [a,b,c] | Windows(EM64T) | F3FMihs | T004346XP-01
Interstage Application Server Standard-J Edition V9.2.0 for Windows [a,b,c] | Windows(EM64T) | F3FMihs | T004346XP-01

Interstage Studio

Products | Target OS | Package name | Patch ID
Interstage Studio Enterprise Edition V9.0.0 for Windows [a,b,c] | Windows | F3FMihs | T001001WP-04
Interstage Studio Standard-J Edition V9.0.0 for Windows [a,b,c] | Windows | F3FMihs | T001001WP-04
Interstage Studio Enterprise Edition V9.1.0 for Windows [a,b,c] | Windows | F3FMihs | T002174WP-02
Interstage Studio Standard-J Edition V9.1.0 for Windows [a,b,c] | Windows | F3FMihs | T002174WP-02
Interstage Studio Enterprise Edition V9.1.0B for Windows [a,b,c] | Windows | F3FMihs | T002174WP-02
Interstage Studio Standard-J Edition V9.1.0B for Windows [a,b,c] | Windows | F3FMihs | T002174WP-02
Interstage Studio Enterprise Edition V9.2.0 for Windows [a,b,c] | Windows | F3FMihs | T004344WP-01
Interstage Studio Standard-J Edition V9.2.0 for Windows [a,b,c] | Windows | F3FMihs | T004344WP-01

Note: Determining the affected product
To check the software version, refer to the "FUJITSU SOFTWARE RELEASE GUIDE" supplied with the product.

3-3. Workaround

None.

4. Related information

  • CVE-2008-2364
    The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
  • CVE-2010-0425
    modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0425
  • CVE-2010-0434
    The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, which might allow remote attackers to obtain sensitive information via a crafted request that triggers access to memory locations associated with an earlier request.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434
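The interim-response exhaustion behind CVE-2008-2364, as an added example that is not Fujitsu's code and not the Apache project's mod_proxy_http.c: a minimal reader for the raw response stream an origin server returns to a proxy, first in the unbounded form the CVE describes (every 1xx head is retained until a final status arrives, so memory grows with whatever the origin chooses to send) and then in a capped form that aborts the exchange past a limit. The cap value, the function names and the sample stream are all assumptions constructed for illustration.

```python
# Added example; not Fujitsu's or Apache's code. Models CVE-2008-2364:
# a proxy that forwards an unlimited number of interim (1xx) responses from
# the origin server can be driven to high memory use by a hostile origin.

MAX_INTERIM_RESPONSES = 10   # assumed cap for illustration, not from the advisory


class TooManyInterimResponses(Exception):
    """Raised by the capped reader once the origin exceeds the limit."""


def _read_head(stream: bytes, pos: int):
    """Return (status_code, head_bytes, next_pos) for the response head at pos."""
    end = stream.find(b"\r\n\r\n", pos)
    if end < 0:
        raise ValueError("truncated response head")
    head = stream[pos:end]
    status_line = head.split(b"\r\n", 1)[0]
    parts = status_line.split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        raise ValueError("malformed status line: %r" % status_line)
    return int(parts[1]), head, end + 4


def read_response_unbounded(stream: bytes):
    """Vulnerable behaviour: keep every interim head until a final status arrives.
    Returns (list_of_interim_heads, final_status_code)."""
    interim = []
    pos = 0
    while True:
        code, head, pos = _read_head(stream, pos)
        if 100 <= code < 200:
            interim.append(head)    # would be forwarded; retained here to show growth
            continue
        return interim, code


def read_response_capped(stream: bytes, limit: int = MAX_INTERIM_RESPONSES):
    """Hardened behaviour: abort once more than `limit` interim responses are
    seen, so the origin cannot dictate how much the proxy buffers."""
    interim = []
    pos = 0
    while True:
        code, head, pos = _read_head(stream, pos)
        if 100 <= code < 200:
            if len(interim) >= limit:
                raise TooManyInterimResponses(
                    "origin sent more than %d interim responses" % limit)
            interim.append(head)
            continue
        return interim, code


def is_rejected(stream: bytes, limit: int = MAX_INTERIM_RESPONSES) -> bool:
    """True if the capped reader refuses this origin stream."""
    try:
        read_response_capped(stream, limit)
    except TooManyInterimResponses:
        return True
    return False


def build_origin_stream(n_interim: int, padding: int = 0) -> bytes:
    """Constructed sample of what a hostile origin could return: n interim
    '100 Continue' heads (optionally padded with a header) then a final 200."""
    pad = b"X-Pad: " + b"A" * padding + b"\r\n" if padding else b""
    interim = b"HTTP/1.1 100 Continue\r\n" + pad + b"\r\n"
    final = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
    return interim * n_interim + final


def buffered_bytes(interim) -> int:
    """Bytes the unbounded reader holds for the interim heads it collected."""
    return sum(len(h) for h in interim)


if __name__ == "__main__":
    benign = build_origin_stream(1)
    print("benign final status:", read_response_unbounded(benign)[1])
    hostile = build_origin_stream(1000, padding=4096)
    heads, _ = read_response_unbounded(hostile)
    print("unbounded reader buffered %d heads, %d bytes" % (len(heads), buffered_bytes(heads)))
    print("capped reader rejects hostile stream:", is_rejected(hostile))
```

The buffered byte count scales linearly with both the number of interim heads and the header padding the origin attaches to each one, which is the memory-consumption path the CVE text describes; the capped reader bounds it at the limit regardless of what the origin sends.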

5. Revision history

  • July 26th, 2010: Initial release
