GTM-MQNC2Z4
Skip to main content
  1. Home >
  2. Support >
  3. Products >
  4. Software >
  5. Security >
  6. Fujitsu Patch & TA Information >
  7. Interstage Application Server, Interstage Apworks, Interstage Interaction Manager, Interstage Studio: Apache Struts1 vulnerable to input validation bypass (CVE-2016-1182). June 7th, 2016

Interstage Application Server, Interstage Apworks, Interstage Interaction Manager, Interstage Studio: Apache Struts1 vulnerable to input validation bypass (CVE-2016-1182). June 7th, 2016


Notes on using this web page

1. Description

Struts1 Validator contains a vulnerability where input value validation is bypassed.

Not all computers are exposed to the threat of the vulnerability even if the corresponding product is installed.
There is a possibility of this vulnerability affecting the computer in which the product is installed if Struts1 is enabled and used in a Web application.
In addition, there is a condition that the web application uses the following ActionForms or their subclasses in session scope.

  • ValidatorForm
  • ValidatorActionForm

For the Patches, please contact a Fujitsu system engineer or your partner(s).

2. Impact

This vulnerability allows a malicious user to perform a DoS attack against the Web application, register arbitrary data to the Web application, and/or execute arbitrary script on the browser.

3. Affected systems and corresponding action

3-1. Affected systems:

GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, AT compatible machine, PRIMEQUEST, SPARC Enterprise, Fujitsu M10

3-2. Affected products and required patch

Interstage Application Server
Products Version Target OS Package name Patch ID.
Interstage Application Server Enterprise Edition V7.0L10 RHEL-AS4(IPF) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V8.0.0 RHEL-AS4(IPF) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V8.0.1 RHEL-AS4(IPF) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V8.0.2 RHEL-AS4(IPF) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.0.0 RHEL-AS4(IPF)/ RHEL5(IPF) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.0.0A RHEL-AS4(IPF)/ RHEL5(IPF) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.1.0 RHEL-AS4(IPF)/ RHEL5(IPF) FJSVapcst T010235QP-02
Interstage Application Server Enterprise Edition V9.2.0 RHEL-AS4(IPF)/ RHEL5(IPF) FJSVapcst T010235QP-02
Interstage Application Server Standard-J Edition V9.0.0 RHEL-AS4(IPF)/ RHEL5(IPF) FJSVapcst Pending*
Interstage Application Server Standard-J Edition V9.1.0 RHEL-AS4(IPF)/ RHEL5(IPF) FJSVapcst T010235QP-02
Interstage Application Server Standard-J Edition V9.2.0 RHEL-AS4(IPF)/ RHEL5(IPF) FJSVapcst T010235QP-02
Interstage Application Server Enterprise Edition V9.2.0 RHEL5(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Enterprise Edition V9.3.1 RHEL5(Intel64)/ RHEL6(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Enterprise Edition V10.0.0 RHEL5(Intel64)/ RHEL6(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Enterprise Edition V11.0.0 RHEL5(Intel64)/ RHEL6(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Standard-J Edition V9.2.0 RHEL5(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Standard-J Edition V9.3.1 RHEL5(Intel64)/ RHEL6(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Standard-J Edition V10.0.0 RHEL5(Intel64)/ RHEL6(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Standard-J Edition V11.0.0 RHEL5(Intel64)/ RHEL6(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Enterprise Edition V6.0L10 RHEL-AS3(x86)/ RHEL-ES3(x86) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V7.0L10 RHEL-AS3(x86)/ RHEL-ES3(x86) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V7.0L11 RHEL-AS3(x86)/ RHEL-ES3(x86)/ RHEL-AS4(x86) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V8.0.0 RHEL-AS4(x86)/ RHEL-AS4(EM64T) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V8.0.2 RHEL-AS4(x86)/ RHEL-AS4(EM64T) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.0.0 RHEL-AS4(x86)/ RHEL-AS4(EM64T)/ RHEL5(x86)/ RHEL5(Intel64) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.1.0 RHEL-AS4(x86)/ RHEL-AS4(EM64T)/ RHEL5(x86)/ RHEL5(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Enterprise Edition V9.1.0B RHEL-AS4(x86)/ RHEL-AS4(EM64T)/ RHEL5(x86)/ RHEL5(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Enterprise Edition V9.2.0 RHEL-AS4(x86)/ RHEL-AS4(EM64T)/ RHEL5(x86)/ RHEL5(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Enterprise Edition V9.3.1 RHEL-AS4(x86)/ RHEL-AS4(EM64T)/ RHEL5(x86)/ RHEL5(Intel64)/ RHEL6(x86)/ RHEL6(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Enterprise Edition V10.0.0 RHEL5(x86)/ RHEL5(Intel64)/ RHEL6(x86)/ RHEL6(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Enterprise Edition V11.0.0 RHEL5(x86)/ RHEL5(Intel64)/ RHEL6(x86)/ RHEL6(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Plus V7.0L10 RHEL-AS3(x86)/ RHEL-ES3(x86) FJSVapcst Pending*
Interstage Application Server Plus V7.0L11 RHEL-AS3(x86)/ RHEL-ES3(x86)/ RHEL-AS4(x86) FJSVapcst Pending*
Interstage Application Server Standard-J Edition V8.0.0 RHEL-AS4(x86)/ RHEL-AS4(EM64T) FJSVapcst Pending*
Interstage Application Server Standard-J Edition V8.0.2 RHEL-AS4(x86)/ RHEL-AS4(EM64T) FJSVapcst Pending*
Interstage Application Server Standard-J Edition V9.0.0 RHEL-AS4(x86)/ RHEL-AS4(EM64T)/ RHEL5(x86)/ RHEL5(Intel64) FJSVapcst Pending*
Interstage Application Server Standard-J Edition V9.1.0 RHEL-AS4(x86)/ RHEL-AS4(EM64T)/ RHEL5(x86)/ RHEL5(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Standard-J Edition V9.1.0B RHEL-AS4(x86)/ RHEL-AS4(EM64T)/ RHEL5(x86)/ RHEL5(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Standard-J Edition V9.2.0 RHEL-AS4(x86)/ RHEL-AS4(EM64T)/ RHEL5(x86)/ RHEL5(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Standard-J Edition V9.3.1 RHEL-AS4(x86)/ RHEL-AS4(EM64T)/ RHEL5(x86)/ RHEL5(Intel64)/ RHEL6(x86)/ RHEL6(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Standard-J Edition V10.0.0 RHEL5(x86)/ RHEL5(Intel64)/ RHEL6(x86)/ RHEL6(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Standard-J Edition V11.0.0 RHEL5(x86)/ RHEL5(Intel64)/ RHEL6(x86)/ RHEL6(Intel64) FJSVapcst T010232LP-02
Interstage Application Server Enterprise Edition V6.0.0 Solaris 7/ Solaris 8/ Solaris 9 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V7.0.0 Solaris 8/ Solaris 9 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V7.0.1 Solaris 8/ Solaris 9/ Solaris 10 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V8.0.0 Solaris 9/ Solaris 10 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V8.0.2 Solaris 9/ Solaris 10 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.0.0 Solaris 9/ Solaris 10 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.0.0B Solaris 9/ Solaris 10 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.1.0 Solaris 9/ Solaris 10 FJSVapcst T010234SP-02
Interstage Application Server Enterprise Edition V9.1.0B Solaris 9/ Solaris 10 FJSVapcst T010234SP-02
Interstage Application Server Enterprise Edition V9.2.0 Solaris 9/ Solaris 10 FJSVapcst T010234SP-02
Interstage Application Server Enterprise Edition V10.0.0 Solaris 9/ Solaris 10 FJSVapcst T010234SP-02
Interstage Application Server Enterprise Edition V11.0.0 Solaris 10/ Solaris 11 FJSVapcst T010234SP-02
Interstage Application Server Plus V7.0.0 Solaris 8/ Solaris 9 FJSVapcst Pending*
Interstage Application Server Plus V7.0.1 Solaris 8/ Solaris 9/ Solaris 10 FJSVapcst Pending*
Interstage Application Server Standard-J Edition V8.0.0 Solaris 9/ Solaris 10 FJSVapcst Pending*
Interstage Application Server Standard-J Edition V8.0.2 Solaris 9/ Solaris 10 FJSVapcst Pending*
Interstage Application Server Standard-J Edition V9.0.0 Solaris 9/ Solaris 10 FJSVapcst Pending*
Interstage Application Server Standard-J Edition V9.1.0 Solaris 9/ Solaris 10 FJSVapcst T010234SP-02
Interstage Application Server Standard-J Edition V9.1.0B Solaris 9/ Solaris 10 FJSVapcst T010234SP-02
Interstage Application Server Standard-J Edition V9.2.0 Solaris 9/ Solaris 10 FJSVapcst T010234SP-02
Interstage Application Server Standard-J Edition V10.0.0 Solaris 9/ Solaris 10 FJSVapcst T010234SP-02
Interstage Application Server Standard-J Edition V11.0.0 Solaris 10/ Solaris 11 FJSVapcst T010234SP-02
Interstage Application Server Enterprise Edition V8.0.0 Windows Server 2003(IPF) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.0.0 Windows Server 2003(IPF) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.1.0 Windows Server 2003(IPF)/ Windows Server 2008(IPF) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.2.0 Windows Server 2003(IPF)/ Windows Server 2008(IPF) FJSVapcst Pending*
Interstage Application Server Standard-J Edition V9.0.0 Windows Server 2003(IPF) FJSVapcst Pending*
Interstage Application Server Standard-J Edition V9.1.0 Windows Server 2003(IPF)/ Windows Server 2008(IPF) FJSVapcst Pending*
Interstage Application Server Standard-J Edition V9.2.0 Windows Server 2003(IPF)/ Windows Server 2008(IPF) FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.2.0 Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008 FJSVapcst T010236XP-02
Interstage Application Server Enterprise Edition V10.0.0 Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows Server 2008 R2 FJSVapcst T010236XP-02
Interstage Application Server Enterprise Edition V11.0.0 Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows Server 2008 R2/ Windows Server 2012 FJSVapcst T010236XP-02
Interstage Application Server Standard-J Edition V9.2.0 Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008 FJSVapcst T010236XP-02
Interstage Application Server Standard-J Edition V10.0.0 Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows Server 2008 R2 FJSVapcst T010236XP-02
Interstage Application Server Standard-J Edition V11.0.0 Windows(EM64T) Server 2003/ Windows(EM64T) Server 2003 R2/ Windows(EM64T) Server 2008/ Windows Server 2008 R2/ Windows Server 2012 FJSVapcst T010236XP-02
Interstage Application Server Enterprise Edition V6.0L10 Windows NT Server / Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V7.0L10 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V7.0L11 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V8.0.0 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V8.0.1 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V8.0.2 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.0.0 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.0.0A Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Enterprise Edition V9.1.0 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 FJSVapcst T010233WP-02
Interstage Application Server Enterprise Edition V9.1.0B Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 FJSVapcst T010233WP-02
Interstage Application Server Enterprise Edition V9.2.0 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 FJSVapcst T010233WP-02
Interstage Application Server Enterprise Edition V10.0.0 Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 FJSVapcst T010233WP-02
Interstage Application Server Enterprise Edition V11.0.0 Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows Server 2012/ Windows Server 2012 R2 FJSVapcst T010233WP-02
Interstage Application Server Plus V6.0L10 Windows NT Server / Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Plus V7.0L10 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Plus V7.0L11 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Plus Developer V6.0L10 Windows XP/ Windows NT/ Windows 2000/ Windows Server 2003 FJSVapcst Pending*
Interstage Application Server Plus Developer V7.0L10 Windows XP/ Windows NT/ Windows 2000/ Windows Server 2003 FJSVapcst Pending*
Interstage Application Server Standard-J Edition V8.0.0 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Standard-J Edition V8.0.1 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Standard-J Edition V8.0.2 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Standard-J Edition V9.0.0 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Standard-J Edition V9.0.0A Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Standard-J Edition V9.0.0B Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2 FJSVapcst Pending*
Interstage Application Server Standard-J Edition V9.1.0 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 FJSVapcst T010233WP-02
Interstage Application Server Standard-J Edition V9.1.0B Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 FJSVapcst T010233WP-02
Interstage Application Server Standard-J Edition V9.2.0 Windows 2000 Server / Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 FJSVapcst T010233WP-02
Interstage Application Server Standard-J Edition V10.0.0 Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2 FJSVapcst T010233WP-02
Interstage Application Server Standard-J Edition V11.0.0 Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows Server 2008 R2/ Windows Server 2012/ Windows Server 2012 R2 FJSVapcst T010233WP-02
Interstage Apworks
Products Version Target OS Package name Patch ID.
Interstage Apworks Modelers-J Edition V6.0L10 Windows 98/ Windows Me/ Windows XP/ Windows NT/ Windows 2000/ Windows Server 2003 FJSVapcst Pending*
Interstage Apworks Modelers-J Edition V6.0L10A Windows 98/ Windows Me/ Windows XP/ Windows NT/ Windows 2000/ Windows Server 2003 FJSVapcst Pending*
Interstage Apworks Modelers-J Edition V7.0L11 Windows 98/ Windows Me/ Windows XP/ Windows 2000/ Windows Server 2003 FJSVapcst Pending*
Interstage Interaction Manager
Products Version Target OS Package name Patch ID.
Interstage Interaction Manager V10.1.0 RHEL5(Intel64)/ RHEL6(Intel64) FJSVapcst T010232LP-02
Interstage Interaction Manager V10.1.0 Windows Server 2008 R2/ Windows Server 2012/ Windows Server 2012 R2 FJSVapcst T010236XP-02
Interstage Studio
Products Version Target OS Package name Patch ID.
Interstage Studio Enterprise Edition V8.0.1 Windows XP/ Windows 2000/ Windows Server 2003/ Windows Vista FJSVapcst Pending*
Interstage Studio Enterprise Edition V9.0.0 Windows XP/ Windows 2000/ Windows Server 2003/ Windows Vista FJSVapcst Pending*
Interstage Studio Enterprise Edition V9.1.0 Windows XP/ Windows 2000/ Windows Server 2003/ Windows Vista/ Windows Server 2008 FJSVapcst T010233WP-02
Interstage Studio Enterprise Edition V9.1.0B Windows XP/ Windows 2000/ Windows Server 2003/ Windows Vista/ Windows Server 2008 FJSVapcst T010233WP-02
Interstage Studio Enterprise Edition V9.2.0 Windows XP/ Windows 2000/ Windows Server 2003/ Windows Vista/ Windows Server 2008/ Windows 7 FJSVapcst T010233WP-02
Interstage Studio Standard-J Edition V8.0.1 Windows XP/ Windows 2000/ Windows Server 2003/ Windows Vista FJSVapcst Pending*
Interstage Studio Standard-J Edition V9.0.0 Windows XP/ Windows 2000/ Windows Server 2003/ Windows Vista FJSVapcst Pending*
Interstage Studio Standard-J Edition V9.1.0 Windows XP/ Windows 2000/ Windows Server 2003/ Windows Vista/ Windows Server 2008 FJSVapcst T010233WP-02
Interstage Studio Standard-J Edition V9.1.0B Windows XP/ Windows 2000/ Windows Server 2003/ Windows Vista/ Windows Server 2008 FJSVapcst T010233WP-02
Interstage Studio Standard-J Edition V9.2.0 Windows XP/ Windows 2000/ Windows Server 2003/ Windows Vista/ Windows Server 2008/ Windows 7 FJSVapcst T010233WP-02
Interstage Studio Standard-J Edition V10.0.0 Windows XP/ Windows Server 2003/ Windows Vista/ Windows Server 2008/ Windows 7 FJSVapcst T010233WP-02
Interstage Studio Standard-J Edition V11.0.0 Windows XP/ Windows Server 2003/ Windows Vista/ Windows Server 2008/ Windows 7/ Windows Server 2012/ Windows 8 FJSVapcst T010233WP-02

For the Patches, please contact a Fujitsu system engineer or your partner(s).



Note: Determining the affected product
Please confirm the version of the product by "Software manual" appended to the product.

3-3. Workaround

No workaround exists.

4. Related information

5. Revision history

  • June 7th, 2016: Initial release


Services & Products

Corporate Information

Country Selector

Global

Change

World Map