Illegal HTTP request from a client could cause Interstage HTTP Server's connection process to terminate abnormally

September 8th, 2005

This bulletin provides security information about issues reported to CERT/CC, the coordination center, or detected by Fujitsu's own examination, as of the published date.

Products developed by third parties may be included as subject products. Information about such third party products may be exactly the same as provided by the respective third party.

The contents of this bulletin are provided "AS IS" without warranties of any kind, either express or implied (including, without limitation, any implied warranty of merchantability, fitness for a particular purpose and non-infringement). In no event shall Fujitsu be liable for any direct, indirect, special, incidental, consequential, punitive, or any other damages of any kind, including, without limitation, loss of profits and loss of data incurred by a customer arising out of, or in connection with, the use or non-use of any information in this bulletin, even if Fujitsu has been advised of the possibility of such damages.

The information contained in this bulletin will be updated from time to time without notice. Therefore, all customers are advised to always ascertain the latest information. In case of redistribution of this security bulletin, the full text of this statement shall be reproduced.


[Outline]

Problem: Illegal HTTP request from a client could cause Interstage HTTP Server's connection process to terminate abnormally.
Manufacturer: Fujitsu Limited
Corresponding products:
  • Interstage Application Server Plus V5.0.1 for Windows
  • Interstage Application Server Plus Developer V5.0.1 for Windows
  • Interstage Application Server Enterprise Edition V6.0 for Windows
  • Interstage Application Server Plus V6.0 for Windows
  • Interstage Application Server Plus Developer V6.0 for Windows
  • Interstage Apworks Modelers-J Edition V6.0 for Windows
  • Interstage Apworks Modelers-J Edition V6.0A for Windows
Corresponding systems: PRIMERGY, GP5000, CELSIUS, FMV
Impact: Abnormal termination of Interstage HTTP Server's connection process.
Method to temporarily avoid the problem: None
Patch: Some

1. Background

A security vulnerability has been observed in Interstage HTTP Server (FJapache) bundled with Interstage Application Server and Interstage Apworks. This vulnerability could cause a connection process of Interstage HTTP Server to terminate abnormally on reception of an illegal HTTP request from a client.

Fujitsu provides the security patches shown in section 5. Please apply them as soon as possible.


2. Range of corresponding system(s)

| Corresponding command/file | Products | Target OS |
|---|---|---|
| ApacheCore.dll | Interstage Application Server Enterprise Edition V6.0 for Windows | Windows |
| ApacheCore.dll | Interstage Application Server Plus V5.0.1 for Windows; Interstage Application Server Plus V6.0 for Windows | Windows |
| ApacheCore.dll | Interstage Application Server Plus Developer V5.0.1 for Windows; Interstage Application Server Plus Developer V6.0 for Windows | Windows |
| ApacheCore.dll | Interstage Apworks Modelers-J Edition V6.0 for Windows; Interstage Apworks Modelers-J Edition V6.0A for Windows | Windows |

3. Detected problem(s)

An illegal HTTP request from a client could cause Interstage HTTP Server's connection process (Apache.exe) to terminate abnormally. If this occurs while other requests are being processed, all the connections for those requests are disconnected.
Note that a new connection process is created automatically after the termination, and subsequent requests can be handled normally.


4. Method to temporarily avoid the problem

None.


5. Patch information

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Application Server Plus V5.0.1 for Windows | Windows | F3FMihs | TP17822* |
| Interstage Application Server Plus Developer V5.0.1 for Windows | Windows | F3FMihs | TP17822* |
| Interstage Application Server Enterprise Edition V6.0 for Windows | Windows | F3FMihs | TP27822* |
| Interstage Application Server Plus V6.0 for Windows | Windows | F3FMihs | TP27822* |
| Interstage Application Server Plus Developer V6.0 for Windows | Windows | F3FMihs | TP27822* |
| Interstage Apworks Modelers-J Edition V6.0 for Windows | Windows | F3FMihs | TP27822* |
| Interstage Apworks Modelers-J Edition V6.0A for Windows | Windows | F3FMihs | TP27822* |


* For patches without an ID or link, please contact a Fujitsu system engineer or your partner(s).


6. Revision history

  • September 8th, 2005 : Initial release
