
Interstage HTTP Server: Security Vulnerability (CVE-2012-0053). November 26th, 2013


1. Description

Interstage HTTP Server does not properly restrict header information in Bad Request (also known as 400) error documents. This vulnerability may allow remote attackers to obtain the values of HTTPOnly cookies.
This vulnerability corresponds to CVE-2012-0053.

Fujitsu provides the security patches listed in section 3. Please apply them as soon as possible.

2. Impact

A remote attacker could obtain a user's cookies if the user executes a crafted script provided by the attacker.

3. Affected systems and corresponding action

3-1. Affected systems:

GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, AT-compatible machine, PRIMEQUEST, SPARC Enterprise

3-2. Affected products and required patch

Interstage Application Server

| Products | Version | Target OS | Package name | Patch ID |
|---|---|---|---|---|
| Interstage Application Server Enterprise Edition for Windows [*a] | V5.0 | Windows NT4.0/ Windows 2000 Server | F3FMihs | None* |
| Interstage Application Server Enterprise Edition for Windows [*a] | V6.0 | Windows NT4.0/ Windows 2000 Server/ Windows Server 2003 | F3FMihs | None* |
| Interstage Application Server Enterprise Edition for Windows [*a] | V7.0/ V7.0.1 | Windows 2000 Server/ Windows Server 2003 | F3FMihs | None* |
| Interstage Application Server Enterprise Edition for Windows [*a] | 8.0.0/ 8.0.1/ 8.0.2 | Windows 2000 Server/ Windows Server 2003 | F3FMihs | None* |
| Interstage Application Server Enterprise Edition for Windows [*b] | V9.0.0/ V9.0.0A | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2 | F3FMihs | T001001WP-09 |
| Interstage Application Server Enterprise Edition for Windows [*b] | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008 | F3FMihs | T002174WP-06 |
| Interstage Application Server Enterprise Edition for Windows [*b] | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T004344WP-05 |
| Interstage Application Server Enterprise Edition for Windows [*b] | V10.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T006036WP-02 |
| Interstage Application Server Enterprise Edition for Windows [*b] | V11.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows Small Business Server 2011/ Windows Server 2012 | F3FMihs | T008632WP-01 |
| Interstage Application Server Standard Edition for Windows [*a] | V5.0 | Windows NT4.0/ Windows 2000 Server | F3FMihs | None* |
| Interstage Application Server Standard-J Edition for Windows [*a] | 8.0.0/ 8.0.1/ 8.0.2 | Windows 2000 Server/ Windows Server 2003 | F3FMihs | None* |
| Interstage Application Server Standard-J Edition for Windows [*b] | V9.0.0/ V9.0.0A/ V9.0.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2 | F3FMihs | T001001WP-09 |
| Interstage Application Server Standard-J Edition for Windows [*b] | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008 | F3FMihs | T002174WP-06 |
| Interstage Application Server Standard-J Edition for Windows [*b] | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T004344WP-05 |
| Interstage Application Server Standard-J Edition for Windows [*b] | V10.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 | F3FMihs | T006036WP-02 |
| Interstage Application Server Standard-J Edition for Windows [*b] | V11.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows Small Business Server 2011/ Windows Server 2012 | F3FMihs | T008632WP-01 |
| Interstage Application Server Web-J Edition for Windows [*a] | V5.0 | Windows NT4.0/ Windows 2000 Server | F3FMihs | None* |
| Interstage Application Server Plus for Windows [*a] | V5.0.1 | Windows NT4.0/ Windows 2000 Server | F3FMihs | None* |
| Interstage Application Server Plus for Windows [*a] | V6.0 | Windows NT4.0/ Windows 2000 Server/ Windows Server 2003 | F3FMihs | None* |
| Interstage Application Server Plus for Windows [*a] | V7.0/ V7.0.1 | Windows 2000 Server/ Windows Server 2003 | F3FMihs | None* |
| Interstage Application Server Plus Developer for Windows [*a] | V5.0.1 | Windows NT4.0/ Windows 2000 Server/ Windows XP | F3FMihs | None* |
| Interstage Application Server Plus Developer for Windows [*a] | V6.0 | Windows NT4.0/ Windows 2000 Server/ Windows XP/ Windows Server 2003 | F3FMihs | None* |
| Interstage Application Server Plus Developer for Windows [*a] | V7.0 | Windows 2000 Server/ Windows XP/ Windows Server 2003 | F3FMihs | None* |
| Interstage Application Server Enterprise Edition for Windows [*a] | 8.0.0 | Windows(IPF) Server 2003 | F3FMihs | None* |
| Interstage Application Server Enterprise Edition for Windows [*b] | V9.0.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2 | F3FMihs | T001005IP-07 |
| Interstage Application Server Enterprise Edition for Windows [*b] | V9.1.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T002175IP-06 |
| Interstage Application Server Enterprise Edition for Windows [*b] | V9.2.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T004345IP-05 |
| Interstage Application Server Standard-J Edition for Windows [*b] | V9.0.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2 | F3FMihs | T001005IP-07 |
| Interstage Application Server Standard-J Edition for Windows [*b] | V9.1.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T002175IP-06 |
| Interstage Application Server Standard-J Edition for Windows [*b] | V9.2.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | F3FMihs | T004345IP-05 |
| Interstage Application Server Enterprise Edition for Windows [*b] | V9.2.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T004346XP-05 |
| Interstage Application Server Enterprise Edition for Windows [*b] | V10.0.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T006037XP-02 |
| Interstage Application Server Enterprise Edition for Windows [*b] | V11.0.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2/ Windows(EM64T) Small Business Server 2011/ Windows(EM64T) Server 2012 | F3FMihs | T008633XP-01 |
| Interstage Application Server Standard-J Edition for Windows [*b] | V9.2.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T004346XP-05 |
| Interstage Application Server Standard-J Edition for Windows [*b] | V10.0.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2 | F3FMihs | T006037XP-02 |
| Interstage Application Server Standard-J Edition for Windows [*b] | V11.0.0 | Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows(EM64T) Server 2008 R2/ Windows(EM64T) Small Business Server 2011/ Windows(EM64T) Server 2012 | F3FMihs | T008633XP-01 |
| Interstage Application Server Enterprise Edition [*a] | 5.0 | Solaris 7/ 8/ 9 | FJSVihs | None* |
| Interstage Application Server Enterprise Edition [*a] | 5.0.1 | Solaris 7/ 8/ 9 | FJSVihs | None* |
| Interstage Application Server Enterprise Edition [*a] | 6.0 | Solaris 7/ 8/ 9 | FJSVihs | None* |
| Interstage Application Server Enterprise Edition [*a] | 7.0 | Solaris 8/ 9 | FJSVihs | None* |
| Interstage Application Server Enterprise Edition [*a] | 7.0.1 | Solaris 8/ 9/ 10 | FJSVihs | None* |
| Interstage Application Server Enterprise Edition [*a] | 8.0.0/ 8.0.2 | Solaris 9/ 10 | FJSVihs | None* |
| Interstage Application Server Enterprise Edition [*b] | V9.0.0/ V9.0.0B | Solaris 9/ 10 | FJSVihs | T001004SP-09 |
| Interstage Application Server Enterprise Edition [*b] | V9.1.0/ V9.1.0B | Solaris 9/ 10 | FJSVihs | T002180SP-07 |
| Interstage Application Server Enterprise Edition [*b] | V9.2.0 | Solaris 9/ 10 | FJSVihs | T004343SP-05 |
| Interstage Application Server Enterprise Edition [*b] | V10.0.0 | Solaris 9/ 10 | FJSVihs | T006035SP-02 |
| Interstage Application Server Enterprise Edition [*b] | V11.0.0 | Solaris 10/ 11 | FJSVihs | T008627SP-01 |
| Interstage Application Server Standard Edition [*a] | 5.0 | Solaris 7/ 8/ 9 | FJSVihs | None* |
| Interstage Application Server Standard-J Edition [*a] | 8.0.0/ 8.0.2 | Solaris 9/ 10 | FJSVihs | None* |
| Interstage Application Server Standard-J Edition [*b] | V9.0.0 | Solaris 9/ 10 | FJSVihs | T001004SP-09 |
| Interstage Application Server Standard-J Edition [*b] | V9.1.0/ V9.1.0B | Solaris 9/ 10 | FJSVihs | T002180SP-07 |
| Interstage Application Server Standard-J Edition [*b] | V9.2.0 | Solaris 9/ 10 | FJSVihs | T004343SP-05 |
| Interstage Application Server Standard-J Edition [*b] | V10.0.0 | Solaris 9/ 10 | FJSVihs | T006035SP-02 |
| Interstage Application Server Standard-J Edition [*b] | V11.0.0 | Solaris 10/ 11 | FJSVihs | T008627SP-01 |
| Interstage Application Server Web-J Edition [*a] | 5.0 | Solaris 7/ 8/ 9 | FJSVihs | None* |
| Interstage Application Server Plus [*a] | 7.0 | Solaris 8/ 9 | FJSVihs | None* |
| Interstage Application Server Plus [*a] | 7.0.1 | Solaris 8/ 9/ 10 | FJSVihs | None* |
| Interstage Application Server Enterprise Edition for Linux [*a] | V5.0 | Turbolinux 7 Server | FJSVihs | None* |
| Interstage Application Server Standard Edition for Linux [*a] | V5.0 | Turbolinux 7 Server | FJSVihs | None* |
| Interstage Application Server Web-J Edition for Linux [*a] | V5.0 | Turbolinux 7 Server | FJSVihs | None* |
| Interstage Application Server Enterprise Edition for Linux [*a] | V6.0 | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | None* |
| Interstage Application Server Enterprise Edition for Linux [*a] | V7.0 | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | None* |
| Interstage Application Server Plus for Linux [*a] | V7.0 | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | None* |
| Interstage Application Server Enterprise Edition for Linux [*a] | V7.0.1 | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | None* |
| Interstage Application Server Plus for Linux [*a] | V7.0.1 | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | None* |
| Interstage Application Server Enterprise Edition for Linux [*a] | 8.0.0/ 8.0.2 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | None* |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-07 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.1.0/ V9.1.0B | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-06 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.2.0/ V9.3.1 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T004338LP-05 |
| Interstage Application Server Standard-J Edition for Linux [*a] | 8.0.0/ 8.0.2 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | None* |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T001003LP-07 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.1.0/ V9.1.0B | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T002176LP-06 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.2.0/ V9.3.1 | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | T004338LP-05 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-07 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.1.0/ V9.1.0B | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-06 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.2.0/ V9.3.1 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T004339LP-05 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V10.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T006038LP-02 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V11.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T008628LP-01 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T001044LP-07 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.1.0/ V9.1.0B | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T002177LP-06 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.2.0/ V9.3.1 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T004339LP-05 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V10.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T006038LP-02 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V11.0.0 | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | T008628LP-01 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.3.1 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006033LP-02 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V10.0.0 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006039LP-02 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V11.0.0 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T008629LP-01 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.3.1 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006033LP-02 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V10.0.0 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T006039LP-02 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V11.0.0 | RHEL6(x86)/ RHEL6(Intel64) | FJSVihs | T008629LP-01 |
| Interstage Application Server Enterprise Edition for Linux [*a] | V7.0 | RHEL-AS4(IPF) | FJSVihs | None* |
| Interstage Application Server Enterprise Edition for Linux [*a] | 8.0.0/ 8.0.1/ 8.0.2 | RHEL-AS4(IPF) | FJSVihs | None* |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.0.0/ V9.0.0A | RHEL-AS4(IPF) | FJSVihs | T001002QP-08 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.1.0 | RHEL-AS4(IPF) | FJSVihs | T002178QP-06 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.2.0 | RHEL-AS4(IPF) | FJSVihs | T004340QP-05 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.0.0 | RHEL-AS4(IPF) | FJSVihs | T001002QP-08 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.1.0 | RHEL-AS4(IPF) | FJSVihs | T002178QP-06 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.2.0 | RHEL-AS4(IPF) | FJSVihs | T004340QP-05 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.0.0/ V9.0.0A | RHEL5(IPF) | FJSVihs | T001043QP-08 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.1.0 | RHEL5(IPF) | FJSVihs | T002179QP-06 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.2.0 | RHEL5(IPF) | FJSVihs | T004341QP-05 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.0.0 | RHEL5(IPF) | FJSVihs | T001043QP-08 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.1.0 | RHEL5(IPF) | FJSVihs | T002179QP-06 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.2.0 | RHEL5(IPF) | FJSVihs | T004341QP-05 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.2.0/ V9.3.1 | RHEL5(Intel64) | FJSVihs | T004342LP-05 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V10.0.0 | RHEL5(Intel64) | FJSVihs | T006040LP-02 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V11.0.0 | RHEL5(Intel64) | FJSVihs | T008630LP-01 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.2.0/ V9.3.1 | RHEL5(Intel64) | FJSVihs | T004342LP-05 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V10.0.0 | RHEL5(Intel64) | FJSVihs | T006040LP-02 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V11.0.0 | RHEL5(Intel64) | FJSVihs | T008630LP-01 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V9.3.1 | RHEL6(Intel64) | FJSVihs | T006034LP-02 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V10.0.0 | RHEL6(Intel64) | FJSVihs | T006041LP-02 |
| Interstage Application Server Enterprise Edition for Linux [*b] | V11.0.0 | RHEL6(Intel64) | FJSVihs | T008631LP-01 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V9.3.1 | RHEL6(Intel64) | FJSVihs | T006034LP-02 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V10.0.0 | RHEL6(Intel64) | FJSVihs | T006041LP-02 |
| Interstage Application Server Standard-J Edition for Linux [*b] | V11.0.0 | RHEL6(Intel64) | FJSVihs | T008631LP-01 |
Interstage Apworks

| Products | Version | Target OS | Package name | Patch ID |
|---|---|---|---|---|
| Interstage Apworks Modelers-J Edition for Windows [*a] | V6.0/ V6.0A | Windows 2000 Server/ Windows XP | F3FMihs | None* |
| Interstage Apworks Modelers-J Edition for Windows [*a] | V7.0 | Windows 2000 Server/ Windows XP | F3FMihs | None* |
Interstage Studio

| Products | Version | Target OS | Package name | Patch ID |
|---|---|---|---|---|
| Interstage Studio Enterprise Edition for Windows [*a] | 8.0.1 | Windows 2000 Server/ Windows XP/ Windows Server 2003 | F3FMihs | None* |
| Interstage Studio Enterprise Edition for Windows [*b] | V9.0.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista | F3FMihs | T001001WP-09 |
| Interstage Studio Enterprise Edition for Windows [*b] | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista | F3FMihs | T002174WP-06 |
| Interstage Studio Enterprise Edition for Windows [*b] | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 | F3FMihs | T004344WP-05 |
| Interstage Studio Standard-J Edition for Windows [*a] | 8.0.1 | Windows 2000 Server/ Windows XP/ Windows Server 2003 | F3FMihs | None* |
| Interstage Studio Standard-J Edition for Windows [*b] | V9.0.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista | F3FMihs | T001001WP-09 |
| Interstage Studio Standard-J Edition for Windows [*b] | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista | F3FMihs | T002174WP-06 |
| Interstage Studio Standard-J Edition for Windows [*b] | V9.2.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 | F3FMihs | T004344WP-05 |
| Interstage Studio Standard-J Edition for Windows [*b] | V10.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7 | F3FMihs | T006036WP-02 |
| Interstage Studio Standard-J Edition for Windows [*b] | V11.0.0 | Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows XP/ Windows Vista/ Windows 7/ Windows Small Business Server 2011/ Windows Server 2012/ Windows 8 | F3FMihs | T008632WP-01 |
Interstage Business Application Server

| Products | Version | Target OS | Package name | Patch ID |
|---|---|---|---|---|
| Interstage Business Application Server Enterprise Edition for Linux [*a] | 8.0.0 | RHEL-AS4(IPF) | FJSVihs | None* |
Interstage Job Workload Server

| Products | Version | Target OS | Package name | Patch ID |
|---|---|---|---|---|
| Interstage Job Workload Server for Linux [*a] | 8.1.0 | RHEL-AS4(IPF) | FJSVihs | None* |

* For the solution, refer to "3-3. Workaround" below.
The workaround differs by product: refer to the letter in square brackets ([*a] or [*b]) at the end of the product name.

Note: Determining the affected product
To check the software version, refer to the "FUJITSU SOFTWARE RELEASE GUIDE" supplied with the product.

3-3. Workaround

Work around the problem by editing the environment definition file (httpd.conf) as described below so that the error message for status code 400 is a plain text message. After editing the file, Interstage HTTP Server must be restarted.

  • For [*a] products:
    Specify the text message after a double quotation mark (").
        Specification example: ErrorDocument 400 "400 Bad Request
  • For [*b] products:
    Enclose the text message in double quotation marks (").
        Specification example: ErrorDocument 400 "400 Bad Request"
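As an added check (not part of Fujitsu's advisory or tooling), the following Python script scans an httpd.conf for the status-400 ErrorDocument directive and reports whether it is in the text-message form the workaround requires for [*a] or [*b] products; a path or URL, a commented-out directive, or a later directive that overrides the text message all count as "not applied". The sample configuration texts are constructed for illustration and the "a"/"b" flag is assumed to correspond to the advisory's [*a]/[*b] markers.

```python
import re
from typing import Optional

# Matches "ErrorDocument <status> <argument>"; the argument is captured
# with trailing whitespace stripped. Directive names are case-insensitive.
ERRDOC_RE = re.compile(r'^\s*ErrorDocument\s+(\d{3})\s+(.*?)\s*$', re.IGNORECASE)


def find_error_document(conf_text: str, code: int = 400) -> Optional[str]:
    """Return the argument of the last effective ErrorDocument line for
    `code`, or None if none is set. Comment lines are skipped and a later
    directive overrides an earlier one, as httpd.conf is processed."""
    value = None
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = ERRDOC_RE.match(line)
        if m and int(m.group(1)) == code:
            value = m.group(2)
    return value


def is_text_message(value: str, product_flag: str) -> bool:
    """Check that `value` has the form the advisory gives for the product
    class: [*a] puts the text after an opening double quote, [*b] encloses
    it in double quotes. A path (/error/400.html) or a URL is not a text
    message, so a file-based error document would still be served."""
    if product_flag == "a":
        return len(value) > 1 and value.startswith('"')
    if product_flag == "b":
        return len(value) > 2 and value.startswith('"') and value.endswith('"')
    raise ValueError(f"unknown product flag {product_flag!r}")


def workaround_applied(conf_text: str, product_flag: str) -> bool:
    """True when httpd.conf sets a text message for status 400 in the
    form required for the given product class ("a" or "b")."""
    value = find_error_document(conf_text, 400)
    return value is not None and is_text_message(value, product_flag)


# Constructed sample configurations (not taken from any real installation).
CONF_NO_OVERRIDE = """\
# status 400 left at the server default, the case the advisory describes
Listen 80
ErrorDocument 404 /error/notfound.html
"""
CONF_FILE_BASED = """\
# a commented-out text message followed by a file-based error document
# ErrorDocument 400 "400 Bad Request"
ErrorDocument 400 /error/badrequest.html
"""
CONF_FIXED_A = 'ErrorDocument 400 "400 Bad Request\n'   # [*a] form
CONF_FIXED_B = 'ErrorDocument 400 "400 Bad Request"\n'  # [*b] form

if __name__ == "__main__":
    for name, conf, flag in [("no override", CONF_NO_OVERRIDE, "b"),
                             ("file based", CONF_FILE_BASED, "b"),
                             ("fixed [*a]", CONF_FIXED_A, "a"),
                             ("fixed [*b]", CONF_FIXED_B, "b")]:
        print(f"{name:12s} -> workaround applied: {workaround_applied(conf, flag)}")
```

To check a live server, read its httpd.conf into `conf_text` and pass the product's [*a]/[*b] letter; remember that the page also requires a restart of Interstage HTTP Server before the setting takes effect.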

4. Related information

  • CVE-2012-0053
    protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053

5. Revision history

  • November 26th, 2013: 2nd release
    • Changed the Patch IDs in "3-2. Affected products and required patch".
    • Added products to "3-2. Affected products and required patch".
  • October 9th, 2012: Initial release