Interstage Application Server: Vulnerability leading to leak of information. November 15th, 2010
1. Description
On a server to which a J2EE application has been deployed and is running, unauthorised file and directory access can be gained.
2. Impact
This vulnerability may be used to gain access to files and directories on the machine.
3. Affected systems and corresponding action
3-1. Affected systems:
GP7000F, PRIMEPOWER, SPARC Enterprise, PRIMERGY, GP5000, CELSIUS, FMV series, AT compatible machines, PRIMEQUEST
3-2. Affected products and required patch
| Products | Version | Target OS | Package name | Patch ID. |
|---|---|---|---|---|
| Interstage Application Server Enterprise Edition | 7.0 | Solaris 8/ 9 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition | 7.0 | Solaris 8/ 9 | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition | 7.0.1 | Solaris 8/ 9/ 10 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition | 7.0.1 | Solaris 8/ 9/ 10 | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition | V8.0.0 | Solaris 9/ 10 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition | V8.0.0 | Solaris 9/ 10 | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition | V8.0.2 | Solaris 9/ 10 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition | V8.0.2 | Solaris 9/ 10 | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition | V9.0.0 | Solaris 9/ 10 | FJSVjs5 | * |
| Interstage Application Server Enterprise Edition | V9.0.0 | Solaris 9/ 10 | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition | V9.0.0 | Solaris 9/ 10 | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition | V9.0.0 | Solaris 9/ 10 | FJSVj2ee | * |
| Interstage Application Server Standard-J Edition | V8.0.0 | Solaris 9/ 10 | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition | V8.0.0 | Solaris 9/ 10 | FJSVj2ee | * |
| Interstage Application Server Standard-J Edition | V8.0.2 | Solaris 9/ 10 | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition | V8.0.2 | Solaris 9/ 10 | FJSVj2ee | * |
| Interstage Application Server Standard-J Edition | V9.0.0 | Solaris 9/ 10 | FJSVjs5 | * |
| Interstage Application Server Standard-J Edition | V9.0.0 | Solaris 9/ 10 | FJSVj2ee | * |
| Interstage Application Server Standard-J Edition | V9.0.0 | Solaris 9/ 10 | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition | V9.0.0 | Solaris 9/ 10 | FJSVj2ee | * |
| Interstage Application Server Plus | 7.0 | Solaris 8/ 9 | FJSVjs4 | * |
| Interstage Application Server Plus | 7.0 | Solaris 8/ 9 | FJSVj2ee | * |
| Interstage Application Server Plus | 7.0.1 | Solaris 8/ 9/ 10 | FJSVjs4 | * |
| Interstage Application Server Plus | 7.0.1 | Solaris 8/ 9/ 10 | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Windows | V7.0 | Windows 2003/ 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition for Windows | V7.0 | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Enterprise Edition for Windows | V7.0.1 | Windows 2003/ 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition for Windows | V7.0.1 | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Enterprise Edition for Windows | V8.0.0 | Windows 2003/ 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition for Windows | V8.0.0 | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Enterprise Edition for Windows | V8.0.1 | Windows 2003/ 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition for Windows | V8.0.1 | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Enterprise Edition for Windows | V8.0.2 | Windows 2003/ 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition for Windows | V8.0.2 | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Enterprise Edition for Windows | V9.0.0 | Windows 2003/ 2000 | F3FMjs5 | * |
| Interstage Application Server Enterprise Edition for Windows | V9.0.0 | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Enterprise Edition for Windows | V9.0.0 | Windows 2003/ 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition for Windows | V9.0.0 | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Enterprise Edition for Windows | V9.0.0A | Windows 2003/ 2000 | F3FMjs5 | * |
| Interstage Application Server Enterprise Edition for Windows | V9.0.0A | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Enterprise Edition for Windows | V9.0.0A | Windows 2003/ 2000 | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition for Windows | V9.0.0A | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Standard-J Edition for Windows | V8.0.0 | Windows 2003/ 2000 | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition for Windows | V8.0.0 | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Standard-J Edition for Windows | V8.0.1 | Windows 2003/ 2000 | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition for Windows | V8.0.1 | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Standard-J Edition for Windows | V8.0.2 | Windows 2003/ 2000 | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition for Windows | V8.0.2 | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Standard-J Edition for Windows | V9.0.0 | Windows 2003/ 2000 | F3FMjs5 | * |
| Interstage Application Server Standard-J Edition for Windows | V9.0.0 | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Standard-J Edition for Windows | V9.0.0 | Windows 2003/ 2000 | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition for Windows | V9.0.0 | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Standard-J Edition for Windows | V9.0.0A | Windows 2003/ 2000 | F3FMjs5 | * |
| Interstage Application Server Standard-J Edition for Windows | V9.0.0A | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Standard-J Edition for Windows | V9.0.0A | Windows 2003/ 2000 | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition for Windows | V9.0.0A | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Plus for Windows | V7.0 | Windows 2003/ 2000 | F3FMjs4 | * |
| Interstage Application Server Plus for Windows | V7.0 | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Plus for Windows | V7.0.1 | Windows 2003/ 2000 | F3FMjs4 | * |
| Interstage Application Server Plus for Windows | V7.0.1 | Windows 2003/ 2000 | J2EE | * |
| Interstage Application Server Plus Developer for Windows | V7.0 | Windows 2003/ 2000/ XP | F3FMjs4 | * |
| Interstage Application Server Plus Developer for Windows | V7.0 | Windows 2003/ 2000/ XP | J2EE | * |
| Interstage Application Server Enterprise Edition for Windows | V8.0.0 | Windows 2003(IPF) | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition for Windows | V8.0.0 | Windows 2003(IPF) | J2EE | * |
| Interstage Application Server Enterprise Edition for Windows | V9.0.0 | Windows 2003(IPF) | F3FMjs5 | * |
| Interstage Application Server Enterprise Edition for Windows | V9.0.0 | Windows 2003(IPF) | J2EE | * |
| Interstage Application Server Enterprise Edition for Windows | V9.0.0 | Windows 2003(IPF) | F3FMjs4 | * |
| Interstage Application Server Enterprise Edition for Windows | V9.0.0 | Windows 2003(IPF) | J2EE | * |
| Interstage Application Server Standard-J Edition for Windows | V9.0.0 | Windows 2003(IPF) | F3FMjs5 | * |
| Interstage Application Server Standard-J Edition for Windows | V9.0.0 | Windows 2003(IPF) | J2EE | * |
| Interstage Application Server Standard-J Edition for Windows | V9.0.0 | Windows 2003(IPF) | F3FMjs4 | * |
| Interstage Application Server Standard-J Edition for Windows | V9.0.0 | Windows 2003(IPF) | J2EE | * |
| Interstage Application Server Enterprise Edition for Linux | V7.0 | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition for Linux | V7.0 | RHEL-AS3(x86)/ ES3(x86) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V7.0.1 | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition for Linux | V7.0.1 | RHEL-AS3(x86)/ ES3(x86) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V8.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition for Linux | V8.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V8.0.2 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition for Linux | V8.0.2 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs5 | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVjs5 | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVj2ee | * |
| Interstage Application Server Standard-J Edition for Linux | V8.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition for Linux | V8.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVj2ee | * |
| Interstage Application Server Standard-J Edition for Linux | V8.0.2 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition for Linux | V8.0.2 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVj2ee | * |
| Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs5 | * |
| Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVj2ee | * |
| Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVj2ee | * |
| Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVjs5 | * |
| Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVj2ee | * |
| Interstage Application Server Plus for Linux | V7.0 | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | * |
| Interstage Application Server Plus for Linux | V7.0 | RHEL-AS3(x86)/ ES3(x86) | FJSVj2ee | * |
| Interstage Application Server Plus for Linux | V7.0.1 | RHEL-AS3(x86)/ ES3(x86) | FJSVjs4 | * |
| Interstage Application Server Plus for Linux | V7.0.1 | RHEL-AS3(x86)/ ES3(x86) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V7.0 | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition for Linux | V7.0 | RHEL-AS4(IPF) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V8.0.0 | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition for Linux | V8.0.0 | RHEL-AS4(IPF) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V8.0.1 | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition for Linux | V8.0.1 | RHEL-AS4(IPF) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V8.0.2 | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition for Linux | V8.0.2 | RHEL-AS4(IPF) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL-AS4(IPF) | FJSVjs5 | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL-AS4(IPF) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL5(IPF) | FJSVjs5 | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL5(IPF) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0 | RHEL-AS4(IPF) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0A | RHEL-AS4(IPF) | FJSVjs5 | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0A | RHEL-AS4(IPF) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0A | RHEL5(IPF) | FJSVjs5 | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0A | RHEL5(IPF) | FJSVj2ee | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0A | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Enterprise Edition for Linux | V9.0.0A | RHEL-AS4(IPF) | FJSVj2ee | * |
| Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL-AS4(IPF) | FJSVjs5 | * |
| Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL-AS4(IPF) | FJSVj2ee | * |
| Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL5(IPF) | FJSVjs5 | * |
| Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL5(IPF) | FJSVj2ee | * |
| Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL-AS4(IPF) | FJSVjs4 | * |
| Interstage Application Server Standard-J Edition for Linux | V9.0.0 | RHEL-AS4(IPF) | FJSVj2ee | * |
| Products | Version | Target OS | Package name | Patch ID. |
|---|---|---|---|---|
| Interstage Apworks Modelers-J Edition for Windows | V7.0 | Windows 2003/ 2000/ XP | F3FMjs4 | * |
| Interstage Apworks Modelers-J Edition for Windows | V7.0 | Windows 2003/ 2000/ XP | J2EE | * |
| Interstage Studio Enterprise Edition for Windows | 8.0.1 | Windows 2003/ 2000/ XP | F3FMjs4 | * |
| Interstage Studio Enterprise Edition for Windows | 8.0.1 | Windows 2003/ 2000/ XP | J2EE | * |
| Interstage Studio Enterprise Edition for Windows | 9.0.0 | Windows 2003/ 2000/ XP/ Vista | F3FMjs5 | * |
| Interstage Studio Enterprise Edition for Windows | 9.0.0 | Windows 2003/ 2000/ XP/ Vista | J2EE | * |
| Interstage Studio Standard-J Edition for Windows | 8.0.1 | Windows 2003/ 2000/ XP | F3FMjs4 | * |
| Interstage Studio Standard-J Edition for Windows | 8.0.1 | Windows 2003/ 2000/ XP | J2EE | * |
| Interstage Studio Standard-J Edition for Windows | 9.0.0 | Windows 2003/ 2000/ XP/ Vista | F3FMjs5 | * |
| Interstage Studio Standard-J Edition for Windows | 9.0.0 | Windows 2003/ 2000/ XP/ Vista | J2EE | * |
* For the Patches without ID nor link, please contact a Fujitsu system engineer or your partner(s).
Note: Determining the affected product
- [V7 series or later]
Use the isprintvl command.
isprintvl
3-3. Workaround
None.
4. Related information
None.
5. Revision history
- November 15th, 2010: Initial release
