Web Root Path Disclosure Vulnerability in Interstage Application Server. October 9th, 2007



1. Background and Detected problem(s)

A web root path disclosure vulnerability has been discovered in the Tomcat 4.1-based Servlet Service.

An error page containing the root path of the Web application (the physical path of the document root) may be returned to remote attackers.

2. Method to avoid the problem

Add the following JavaVM option (Note1) in the settings of the IJServer work unit.

  -Dsun.io.useCanonCaches=false

  Note1) Set it in the following input form:

  Interstage Management Console -> Interstage Application Server -> System -> WorkUnit -> [WorkUnit(IJServer) Name] -> Settings -> WorkUnit Settings -> Java VM Options

Fujitsu has confirmed this vulnerability as a problem of the Tomcat 4.1-based Servlet Service. However, because it was a problem concerning the JavaVM option, this problem is scheduled to be corrected in a future version of the Interstage Application Server.
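
One way to verify the workaround, as an added example that is not Fujitsu's code: the first function checks a Java VM Options string for the setting above, and the second scans a saved error-page body for Windows physical paths. The function names and the sample error page are constructed for illustration.

```python
import re

REQUIRED = "-Dsun.io.useCanonCaches"

# Drive-letter absolute paths (C:\dir\... or C:/dir/...); the affected
# products in this advisory run on Windows. The lookbehind keeps URL
# schemes such as "http://" from matching.
WIN_PATH = re.compile(r"(?<![A-Za-z0-9])[A-Za-z]:[\\/][^\s<>\"'|*?()]+")


def check_jvm_options(options: str) -> str:
    """Classify a Java VM Options string as 'ok', 'missing' or 'wrong'.

    Strict by design: every occurrence of the property must be exactly
    '=false', so a conflicting duplicate is reported instead of guessed at.
    """
    values = []
    for tok in options.split():
        if tok.startswith(REQUIRED):
            rest = tok[len(REQUIRED):]
            # Ignore longer property names that merely share the prefix.
            if rest == "" or rest.startswith("="):
                values.append(rest[1:])
    if not values:
        return "missing"
    return "ok" if all(v == "false" for v in values) else "wrong"


def find_path_leaks(body: str) -> list:
    """Return distinct physical paths found in a response body, in order."""
    return list(dict.fromkeys(WIN_PATH.findall(body)))


# Constructed sample, not a real Interstage error page.
SAMPLE_ERROR_PAGE = (
    "<html><body><h1>HTTP Status 404</h1>"
    "<p>The requested resource (D:\\example\\webroot\\app1\\missing.jsp) "
    "is not available</p>"
    "<p>See http://example.invalid/help</p></body></html>"
)

if __name__ == "__main__":
    print(check_jvm_options("-Xmx256m -Dsun.io.useCanonCaches=false"))
    for leak in find_path_leaks(SAMPLE_ERROR_PAGE):
        print("physical path in error page:", leak)
```

Run the path scan over error pages captured before and after the option is applied to the work unit; the "after" set should produce no findings.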

3. Corresponding system and Patch information

Corresponding system: PRIMERGY, GP5000, CELSIUS, FMV series, AT compatible machine, PRIMEQUEST

Interstage Application Server

| Products | Target OS | Package name |
|---|---|---|
| Interstage Application Server Enterprise Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Enterprise Edition V7.0.1 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Enterprise Edition 8.0.0 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Enterprise Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Enterprise Edition 8.0.2 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Enterprise Edition 8.0.3 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Enterprise Edition V9.0.0 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Enterprise Edition V9.0.0A for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Standard Edition V7.0 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Standard-J Edition 8.0.0 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Standard-J Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Standard-J Edition 8.0.2 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Standard-J Edition 8.0.3 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Standard-J Edition V9.0.0 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Standard-J Edition V9.0.0A for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Plus V7.0 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Plus V7.0.1 for Windows | Windows Server 2003/ Windows 2000 | FJSVj2ee |
| Interstage Application Server Plus Developer V7.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | FJSVj2ee |
| Interstage Application Server Enterprise Edition 8.0.0 for Windows | Windows Server 2003(IPF) | FJSVj2ee |
| Interstage Application Server Enterprise Edition 8.0.3 for Windows | Windows Server 2003(IPF) | FJSVj2ee |

Interstage Apworks/Studio

| Products | Target OS | Package name |
|---|---|---|
| Interstage Apworks Enterprise Edition 8.0.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | FJSVj2ee |
| Interstage Apworks Standard-J Edition 8.0.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | FJSVj2ee |
| Interstage Apworks Modelers-J Edition V7.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | FJSVj2ee |
| Interstage Studio Enterprise Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | FJSVj2ee |
| Interstage Studio Enterprise Edition V9.0.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP/ Windows Vista | FJSVj2ee |
| Interstage Studio Standard-J Edition 8.0.1 for Windows | Windows Server 2003/ Windows 2000/ Windows XP | FJSVj2ee |
| Interstage Studio Standard-J Edition V9.0.0 for Windows | Windows Server 2003/ Windows 2000/ Windows XP/ Windows Vista | FJSVj2ee |

Note2) For the Patches, please see "2. Method to avoid the problem".

4. Revision history

  • October 9th, 2007 : Initial release
