Vulnerability in Interstage Management Console May Lead to Obtain or Delete Arbitrary Files on the Server. February 13th, 2012
1. Description
A vulnerability has been confirmed in environments using the Interstage Management Console, which may lead to obtain or delete abitrary files on the server.
Fujitsu provides workaround in section 3-3, Please apply them as soon as possible.
2. Impact
There is a threat of exposure of information by obtaining abitrary files and/or corruption of the system environment by deleting them.
3. Affected systems and corresponding action
3-1. Affected systems:
GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, FMV series, AT compatible machines, PRIMEQUEST, SPARC Enterprise
3-2. Affected products and required patch
Note: The values set in "3-3. Workaround" below depend on the product. The symbol in square brackets after 'Product' corresponds to the contents set of "3-3. Workaround".
Products | Version | Target OS | Package name | Patch ID. |
---|---|---|---|---|
Interstage Application Server Enterprise Edition [a] | V6.0 | RHEL-AS3(x86)/ ES3(x86) | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [c] | V7.0 | RHEL-AS3(x86)/ ES3(x86) | FJSVisgui | SCHEDULED * |
Interstage Application Server Plus [c] | V7.0 | RHEL-AS3(x86)/ ES3(x86) | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [c] | V7.0.1 | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVisgui | SCHEDULED * |
Interstage Application Server Plus [c] | V7.0.1 | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [c] | 8.0.0/ 8.0.2 | RHEL-AS4(x86) | FJSVisgui | SCHEDULED * |
Interstage Application Server Standard-J Edition [c] | 8.0.0/ 8.0.2 | RHEL-AS4(x86) | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [d] | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T)/ RHEL5(x86)/ RHEL5(Intel64) | FJSVisgui | SCHEDULED * |
Interstage Application Server Standard-J Edition [d] | V9.0.0 | RHEL-AS4(x86)/ AS4(EM64T)/ RHEL5(x86)/ RHEL5(Intel64) | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [d] | V9.1.0/ V9.1.0B | RHEL-AS4(x86)/ AS4(EM64T)/ RHEL5(x86)/ RHEL5(Intel64) | FJSVisgui | SCHEDULED * |
Interstage Application Server Standard-J Edition [d] | V9.1.0/ V9.1.0B | RHEL-AS4(x86)/ AS4(EM64T)/ RHEL5(x86)/ RHEL5(Intel64) | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [c] | V7.0 | RHEL-AS4(IPF) | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [c] | 8.0.0/ 8.0.1/ 8.0.2 | RHEL-AS4(IPF) | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [d] | V9.0.0 | RHEL-AS4(IPF)/ RHEL5(IPF) | FJSVisgui | SCHEDULED * |
Interstage Application Server Standard-J Edition [d] | V9.0.0 | RHEL-AS4(IPF)/ RHEL5(IPF) | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [d] | V9.0.0A | RHEL-AS4(IPF)/ RHEL5(IPF) | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [d] | V9.1.0 | RHEL-AS4(IPF)/ RHEL5(IPF) | FJSVisgui | SCHEDULED * |
Interstage Application Server Standard-J Edition [d] | V9.1.0 | RHEL-AS4(IPF)/ RHEL5(IPF) | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [a] | 6.0 | Solaris 7/ 8/ 9 | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [c] | 7.0 | Solaris 8/ 9 | FJSVisgui | SCHEDULED * |
Interstage Application Server Plus [c] | 7.0 | Solaris 8/ 9 | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [c] | 7.0.1 | Solaris 8/ 9/ 10 | FJSVisgui | SCHEDULED * |
Interstage Application Server Plus [c] | 7.0.1 | Solaris 8/ 9/ 10 | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [c] | 8.0.0/ 8.0.2 | Solaris 9/ 10 | FJSVisgui | SCHEDULED * |
Interstage Application Server Standard-J Edition [c] | 8.0.0/ 8.0.2 | Solaris 9/ 10 | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [d] | V9.0.0/ V9.0.0B | Solaris 9/ 10 | FJSVisgui | SCHEDULED * |
Interstage Application Server Standard-J Edition [d] | V9.0.0 | Solaris 9/ 10 | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [d] | V9.1.0/ V9.1.0B | Solaris 9/ 10 | FJSVisgui | SCHEDULED * |
Interstage Application Server Standard-J Edition [d] | V9.1.0/ V9.1.0B | Solaris 9/ 10 | FJSVisgui | SCHEDULED * |
Interstage Application Server Enterprise Edition [e] | V6.0 | Windows NT4.0/ Windows 2000 Server/ Windows Server 2003 | GUI | SCHEDULED * |
Interstage Application Server Plus [e] | V6.0 | Windows NT4.0/ Windows 2000 Server/ Windows Server 2003 | GUI | SCHEDULED * |
Interstage Application Server Plus Developer [e] | V6.0 | Windows NT4.0/ Windows 2000 Server/ Windows Server 2003/ Windows XP | GUI | SCHEDULED * |
Interstage Application Server Enterprise Edition [g] | V7.0/ V7.0.1 | Windows 2000 Server/ Windows Server 2003 | GUI | SCHEDULED * |
Interstage Application Server Plus [g] | V7.0/ V7.0.1 | Windows 2000 Server/ Windows Server 2003 | GUI | SCHEDULED * |
Interstage Application Server Plus Developer [g] | V7.0 | Windows 2000 Server/ Windows Server 2003/ Windows XP | GUI | SCHEDULED * |
Interstage Application Server Enterprise Edition [g] | 8.0.0/ 8.0.1/ 8.0.2 | Windows 2000 Server/ Windows Server 2003 | GUI | SCHEDULED * |
Interstage Application Server Standard-J Edition [g] | 8.0.0/ 8.0.1/ 8.0.2 | Windows 2000 Server/ Windows Server 2003 | GUI | SCHEDULED * |
Interstage Application Server Enterprise Edition [h] | V9.0.0/ V9.0.0A | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2 | GUI | SCHEDULED * |
Interstage Application Server Standard-J Edition [h] | V9.0.0/ V9.0.0A/ V9.0.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2 | GUI | SCHEDULED * |
Interstage Application Server Enterprise Edition [h] | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008 | GUI | SCHEDULED * |
Interstage Application Server Standard-J Edition [h] | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008 | GUI | SCHEDULED * |
Interstage Application Server Enterprise Edition [g] | 8.0.0 | Windows(IPF) Server 2003 | GUI | SCHEDULED * |
Interstage Application Server Enterprise Edition [h] | V9.0.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2 | GUI | SCHEDULED * |
Interstage Application Server Standard-J Edition [h] | V9.0.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2 | GUI | SCHEDULED * |
Interstage Application Server Enterprise Edition [h] | V9.1.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | GUI | SCHEDULED * |
Interstage Application Server Standard-J Edition [h] | V9.1.0 | Windows(IPF) Server 2003/ Windows(IPF) Server 2003 R2/ Windows(IPF) Server 2008 | GUI | SCHEDULED * |
Products | Version | Target OS | Package name | Patch ID. |
---|---|---|---|---|
Interstage Apworks Modelers-J Edition [e] | V6.0/ V6.0A | Windows NT4.0/ Windows 2000 Server/ Windows Server 2003/ Windows XP | GUI | SCHEDULED * |
Interstage Apworks Modelers-J Edition [g] | V7.0 | Windows 2000 Server/ Windows Server 2003/ Windows XP | GUI | SCHEDULED * |
Products | Version | Target OS | Package name | Patch ID. |
---|---|---|---|---|
Interstage Business Application Server Enterprise Edition [c] | 8.0.0 | RHEL-AS4(IPF) | FJSVisgui | SCHEDULED * |
Products | Version | Target OS | Package name | Patch ID. |
---|---|---|---|---|
Interstage Studio Enterprise Edition [g] | 8.0.1 | Windows 2000 Server/ Windows Server 2003/ Windows XP | GUI | None |
Interstage Studio Standard-J Edition [g] | 8.0.1 | Windows 2000 Server/ Windows Server 2003/ Windows XP | GUI | None |
Interstage Studio Enterprise Edition [h] | V9.0.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista | GUI | SCHEDULED * |
Interstage Studio Standard-J Edition [h] | V9.0.0 | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows XP/ Windows Vista | GUI | SCHEDULED * |
Interstage Studio Enterprise Edition [h] | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista | GUI | SCHEDULED * |
Interstage Studio Standard-J Edition [h] | V9.1.0/ V9.1.0B | Windows 2000 Server/ Windows Server 2003/ Windows Server 2003 R2/ Windows Server 2008/ Windows XP/ Windows Vista | GUI | SCHEDULED * |
* For the Patches without ID nor link, please contact a Fujitsu system engineer or your partner(s).
Reference: Confirmation method for the relevant product
To check the software version, refer to the "software manual" supplied with the product.
3-3. Workaround
Please apply the procedure mentioned below that is corresponding your product.
- Product [a] (6.0 for Solaris/V6.0 for Linux)
- Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console (/etc/opt/FJSVisgui/httpd.conf).
LoadModule rewrite_module /opt/FJSVihs/libexec/od_rewrite.so
AddModule mod_rewrite.c
< Location /IsAdmin/download >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet >
RewriteEngine On
RewriteCond %{PATH_INFO} ^/download [OR]
RewriteCond %{PATH_INFO} ^/com\.fujitsu\.interstage\.isAdmin\.WorkUnit\.IJServerLogServlet
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
Note: In the above definition, it is assumed that the product is installed in '/opt'.
If the product is saved in a directory other than '/opt', replace all instances of '/opt' with the actual installation path of the product.
For example, if the product is installed in '/test/opt' as shown in the example below.
LoadModule rewrite_module /test/opt/FJSVihs/libexec/mod_rewrite.so
RewriteCond %{QUERY_STRING} !dirname=/test/opt/FJSVisgui/isadmin/var/download [OR] - After you have edited the definitions, restart the Web server being used by the Interstage Management Console.
ii-i) Use the kill command to stop the processes of the Web server.
# kill 'cat /var/opt/FJSVisgui/tmp/httpd.pid'
ii-ii) Start the Web server.
# /opt/FJSVihs/bin/httpd -f /etc/opt/FJSVisgui/httpd.conf
- Product [b] (6.0.2 for Solaris)
- Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console (/etc/opt/FJSVisgui/httpd.conf).
LoadModule rewrite_module /opt/FJSVihs/libexec/mod_rewrite.so
AddModule mod_rewrite.c
< Location /IsAdmin/download >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/download >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.IJServerLogServlet >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
Note: In the above definition, it is assumed that the product is installed in '/opt'.
If the product is saved in a directory other than '/opt', replace all instances of '/opt' with the actual installation path of the product.
For example, if the product is installed in '/test/opt', as shown in the example below.
LoadModule rewrite_module /test/opt/FJSVihs/libexec/mod_rewrite.so
RewriteCond %{QUERY_STRING} !dirname=/test/opt/FJSVisgui/isadmin/var/download [OR] - After you have edited the definitions, restart the Web server being used by the Interstage Management Console.
ii-i) Use the kill command to stop the processes of the Web server.
# kill `cat /var/opt/FJSVisgui/tmp/httpd.pid`
ii-ii) Start the Web server.
# /opt/FJSVihs/bin/httpd -f /etc/opt/FJSVisgui/httpd.conf
- Product [c] (V7, V8 for Solaris/ V7, V8 for Linux)
- Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console (/etc/opt/FJSVisgui/httpd.conf).
LoadModule rewrite_module /opt/FJSVihs/libexec/mod_rewrite.so
AddModule mod_rewrite.c
< Location /IsAdmin/download >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/download >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.IJServerLogServlet >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/WUdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/webservice/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/WUdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/webservice/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.WUDownloadServlet >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/webservice/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/WWWdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*&.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/WWWdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*&.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.www.WWWLogServlet >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*&.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
Note: In the above definition, it is assumed that the product is installed in '/opt'.
If the product is saved in a directory other than '/opt', replace all instances of '/opt' with the actual installation path of the product.
For example, if the product is installed in '/test/opt' as shown in the example below.
LoadModule rewrite_module /test/opt/FJSVihs/libexec/mod_rewrite.so
RewriteCond %{QUERY_STRING} !dirname=/test/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} !dirname=/test/opt/FJSVisgui/isadmin/var/webservice/download [OR] - After you have edited the definitions, restart the services for the purpose of using the Interstage Management Console.
ii-i) Stop the services.
# ismngconsolestop
ii-ii) Start the services.
# ismngconsolestart
- Product [d] (V9 for Solaris/ V9 for Linux)
- Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console (/etc/opt/FJSVisgui/httpd.conf).
LoadModule rewrite_module /opt/FJSVihs/modules/mod_rewrite.so
< Location /IsAdmin/download >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/download >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.IJServerLogServlet >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/WUdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/webservice/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/WUdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/webservice/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.WUDownloadServlet >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/webservice/download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/WWWdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*&.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/WWWdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*&.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.www.WWWLogServlet >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} &.*&.*& [OR]
RewriteCond %{QUERY_STRING} \.\./ [OR]
RewriteCond %{QUERY_STRING} /\.\.
RewriteRule .* - [F]
< /Location >
Note: In the above definition, it is assumed that the product is installed in '/opt'.
If the product is saved in a directory other than '/opt', replace all instances of '/opt' with the actual installation path of the product.
For example, if the product is installed in '/test/opt' as shown in the example below.
LoadModule rewrite_module /test/opt/FJSVihs/libexec/mod_rewrite.so
RewriteCond %{QUERY_STRING} !dirname=/test/opt/FJSVisgui/isadmin/var/download [OR]
RewriteCond %{QUERY_STRING} !dirname=/test/opt/FJSVisgui/isadmin/var/webservice/download [OR] - After you have edited the definitions, restart the services for the purpose of using the Interstage Management Console.
ii-i) Stop the services.
# ismngconsolestop
ii-ii) Start the services.
# ismngconsolestart
- Product [e] (V6.0 for Windows)
- Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console ([the folder this product is installed in]\gui\etc\httpd.conf).
LoadModule rewrite_module 'C:/Interstage/F3FMihs/modules/mod_rewrite.so'
AddModule mod_rewrite.c
< Location /IsAdmin/download >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet >
RewriteEngine On
RewriteCond %{PATH_INFO} ^/download [OR]
RewriteCond %{PATH_INFO} ^/com\.fujitsu\.interstage\.isAdmin\.WorkUnit\.IJServerLogServlet
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
Note: In the above definition, it is assumed that the product is installed in 'C:\Interstage'
If the product is saved in a directory other than 'C:\Interstage', replace all instances of 'C:\Interstage' with the actual installation path of the product.
For example, if the product is installed in 'C:\SOFT\Interstage' as shown in the example below.
LoadModule rewrite_module "C:/SOFT/Interstage/F3FMihs/modules/mod_rewrite.so"
RewriteCond %{QUERY_STRING} !dirname=C:\\SOFT\\Interstage\\gui\\isAdmin\\var\\download [OR] - After you have edited the definitions, restart the Web server being used by the Interstage Management Console.
ii-i)Restart the following service.
'Interstage Operation Tool(FJapache)'
- Product [f] (V6.0L10C for Windows)
- Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console ([the folder this product is installed in]\gui\etc\httpd.conf).
LoadModule rewrite_module 'C:/Interstage/F3FMihs/modules/mod_rewrite.so'
AddModule mod_rewrite.c
< Location /IsAdmin/download >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/download >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.IJServerLogServlet >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
Note: In the above definition, it is assumed that the product is installed in 'C:\Interstage'
If the product is saved in a directory other than 'C:\Interstage', replace all instances of 'C:\Interstage' with the actual installation path of the product.
For example, if the product is installed in'C:\SOFT\Interstage' as shown in the example below.
LoadModule rewrite_module "C:/SOFT/Interstage/F3FMihs/modules/mod_rewrite.so"
RewriteCond %{QUERY_STRING} !dirname=C:\\SOFT\\Interstage\\gui\\isAdmin\\var\\download [OR] - After you have edited the definitions, restart the Web server being used by the Interstage Management Console.
ii-i)Restart the following service.
'Interstage Operation Tool(FJapache)'
- Product [g] (V7, V8 for Windows)
- Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console ([the folder this product is installed in] \gui\etc\httpd.conf).
LoadModule rewrite_module 'C:/Interstage/F3FMihs/modules/mod_rewrite.so'
AddModule mod_rewrite.c
< Location /IsAdmin/download >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/download >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.IJServerLogServlet >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/WUdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/WUdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.WUDownloadServlet >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/WWWdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*&.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/WWWdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*&.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.www.WWWLogServlet >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*&.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
Note: In the above definition, it is assumed that the product is installed in 'C:\Interstage'
If the product is saved in a directory other than 「C:\Interstage」, replace all instances of 'C:\Interstage' with the actual installation path of the product.
For example, if the product is installed in 'C:\SOFT\Interstage' as shown in the example below.
LoadModule rewrite_module "C:/SOFT/Interstage/F3FMihs/modules/mod_rewrite.so"
RewriteCond %{QUERY_STRING} !dirname=C:\\SOFT\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} !dirname=C:\\SOFT\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR] - After you have edited the definitions, restart the Web server being used by the Interstage Management Console.
ii-i)Restart the following service
'Interstage Operation Tool(FJapache)'
- Product [h] (V9 for Windows)
- Add the directives shown below to the end of the environment definition file of the Web server being used by the Interstage Management Console ([the folder this product is installed in]\gui\etc\httpd.conf).
LoadModule rewrite_module 'C:/Interstage/F3FMihs/modules/mod_rewrite.so'
< Location /IsAdmin/download >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/download >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.IJServerLogServlet >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/WUdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/WUdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.WorkUnit.WUDownloadServlet >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR]
RewriteCond %{QUERY_STRING} &.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/WWWdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*&.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/WWWdownload >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*&.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
< Location /IsAdmin/servlet/com.fujitsu.interstage.isAdmin.www.WWWLogServlet >
RewriteEngine On
RewriteCond %{QUERY_STRING} !dirname=C:\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} &.*&.*& [OR]
RewriteCond %{QUERY_STRING} \.\.(/|\\) [OR]
RewriteCond %{QUERY_STRING} (/|\\)\.\.
RewriteRule .* - [F]
< /Location >
Note: In the above definition, it is assumed that the product is installed in 'C:\Interstage'
If the product is saved in a directory other than 'C:\Interstage', replace all instances of 'C:\Interstage' with the actual installation path of the product.
For example, if the product is installed in 'C:\SOFT\Interstage' as shown in the example below.
LoadModule rewrite_module 'C:/SOFT/Interstage/F3FMihs/modules/mod_rewrite.so'
RewriteCond %{QUERY_STRING} !dirname=C:\\SOFT\\Interstage\\gui\\isAdmin\\var\\download [OR]
RewriteCond %{QUERY_STRING} !dirname=C:\\SOFT\\Interstage\\gui\\isAdmin\\var\\webservice\\download [OR] - After you have edited the definitions, restart the Web server being used by the Interstage Management Console.
ii-i)Restart the following service
'Interstage Operation Tool(FJapache)'
4. Revision history
- February 13th, 2012 :2nd release
- Add some products to "3-2. Affected products and required patch".
- June 10th, 2008 : Initial release