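Denial of Service (DoS) and Cross-Site Scripting (XSS) Issues in Interstage HTTP Server (June 5, 2006)
1. Background and Issues
It has been confirmed that Interstage HTTP Server, which is provided with Interstage Application Server, Interstage Application Framework Suite, Interstage Apworks, Interstage Business Application Server, and Systemwalker Resource Coordinator, contains the following three security vulnerabilities.
1) Denial of service (DoS) in operation using SSL
2) Cross-site scripting in the image map function
This vulnerability corresponds to CVE-2005-3352.
3) Denial of service (DoS) and arbitrary code execution in the online collation function
This vulnerability corresponds to CVE-2006-0150.
Fujitsu provides the security patches listed in section 3. Please apply them as soon as possible.
For Interstage products, see the following page.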
https://www.fujitsu.com/jp/products/software/middleware/business-middleware/interstage/
2. Temporary Workaround
None.
3. Affected Systems and Patch Information
Affected systems
GP7000F, PRIMEPOWER, GP-S, PRIMERGY, GP5000, CELSIUS, FMV, PRIMEQUEST
- Interstage Application Framework Suite
- Interstage Application Server
- Interstage Apworks
- Interstage Business Application Server
- Systemwalker Resource Coordinator
Product name | Target OS | Package name | Patch ID |
---|---|---|---|
Interstage Application Framework Suite Enterprise Edition V6.0L10 | Windows | F3FMihs | TP28431 |
Interstage Application Framework Suite Standard Edition V6.0L10 | Windows | F3FMihs | TP28431 |
Interstage Application Framework Suite Web Edition V6.0L10 | Windows | F3FMihs | TP28431 |
Interstage Application Framework Suite Web Edition V6.0L10A | Windows | F3FMihs | TP28431 |
Interstage Application Framework Suite Enterprise Edition V6.0L10B | Windows | F3FMihs | TP28431 |
Interstage Application Framework Suite Standard Edition V6.0L10B | Windows | F3FMihs | TP28431 |
Interstage Application Framework Suite Web Edition V6.0L10B | Windows | F3FMihs | TP28431 |
Interstage Application Framework Suite Enterprise Edition V6.0L10C | Windows | F3FMihs | TP48431 |
Interstage Application Framework Suite Standard Edition V6.0L10C | Windows | F3FMihs | TP48431 |
Interstage Application Framework Suite Web Edition V6.0L10C | Windows | F3FMihs | TP48431 |
Interstage Application Framework Suite Standard Edition V7.0L10 | Windows | F3FMihs | TP38431 |
Interstage Application Framework Suite Web Edition V7.0L10 | Windows | F3FMihs | TP38431 |
Interstage Application Framework Suite Standard Edition V7.0L11 | Windows | F3FMihs | TP38431 |
Interstage Application Framework Suite Web Edition V7.0L11 | Windows | F3FMihs | TP38431 |
Interstage Application Framework Suite Enterprise Edition 6.0 | Solaris | FJSVihs | T0103S-04 |
Interstage Application Framework Suite Standard Edition 6.0 | Solaris | FJSVihs | T0103S-04 |
Interstage Application Framework Suite Web Edition 6.0 | Solaris | FJSVihs | T0103S-04 |
Interstage Application Framework Suite Enterprise Edition 6.0.1 | Solaris | FJSVihs | T0138S-03 |
Interstage Application Framework Suite Standard Edition 6.0.1 | Solaris | FJSVihs | T0138S-03 |
Interstage Application Framework Suite Web Edition 6.0.1 | Solaris | FJSVihs | T0138S-03 |
Interstage Application Framework Suite Enterprise Edition 6.0.2 | Solaris | FJSVihs | T016RS-02 |
Interstage Application Framework Suite Standard Edition 6.0.2 | Solaris | FJSVihs | T016RS-02 |
Interstage Application Framework Suite Web Edition 6.0.2 | Solaris | FJSVihs | T016RS-02 |
Interstage Application Framework Suite Standard Edition 7.0 | Solaris | FJSVihs | T013RS-03 |
Interstage Application Framework Suite Web Edition 7.0 | Solaris | FJSVihs | T013RS-03 |
Interstage Application Framework Suite Enterprise Edition 7.0.1 | Solaris | FJSVihs | T013RS-03 |
Interstage Application Framework Suite Standard Edition 7.0.2 | Solaris | FJSVihs | T023AS-01 |
Interstage Application Framework Suite Web Edition 7.0.2 | Solaris | FJSVihs | T023AS-01 |
Interstage Application Framework Suite Enterprise Edition V6.0L10 | RHEL-AS3(x86)/ES3(x86) | FJSVihs | T00258-04 |
Interstage Application Framework Suite Standard Edition V6.0L10 | RHEL-AS3(x86)/ES3(x86) | FJSVihs | T00258-04 |
Interstage Application Framework Suite Web Edition V6.0L10 (Note) | RHEL-AS2.1(x86)/ES2.1(x86) | FJSVihs | T00258-04 |
Interstage Application Framework Suite Web Edition V6.0L11 (Note) | RHEL-AS2.1(x86)/ES2.1(x86)/AS3(x86)/ES3(x86) | FJSVihs | T00258-04 |
Interstage Application Framework Suite Standard Edition V7.0L10 | RHEL-AS3(x86)/ES3(x86) | FJSVihs | T00603-02 |
Interstage Application Framework Suite Web Edition V7.0L10 (Note) | RHEL-AS3(x86)/ES3(x86) | FJSVihs | T00603-02 |
Interstage Application Framework Suite Standard Edition V7.0L11 | RHEL-AS3(x86)/ES3(x86)/AS4(x86) | FJSVihs | T00603-02 |
Interstage Application Framework Suite Web Edition V7.0L11 (Note) | RHEL-AS3(x86)/ES3(x86)/AS4(x86) | FJSVihs | T00603-02 |
Products marked (Note) do not support the online collation function, so vulnerability 3) does not apply to them.
Product name | Target OS | Package name | Patch ID |
---|---|---|---|
Interstage Application Server Enterprise Edition V5.0L10 | Windows | F3FMihs | TP08431 |
Interstage Application Server Standard Edition V5.0L10 | Windows | F3FMihs | TP08431 |
Interstage Application Server Web-J Edition V5.0L10 | Windows | F3FMihs | TP08431 |
Interstage Application Server Enterprise Edition V5.0L10A | Windows | F3FMihs | TP08431 |
Interstage Application Server Standard Edition V5.0L10A | Windows | F3FMihs | TP08431 |
Interstage Application Server Web-J Edition V5.0L10A | Windows | F3FMihs | TP08431 |
Interstage Application Server Enterprise Edition V5.0L10B | Windows | F3FMihs | TP08431 |
Interstage Application Server Standard Edition V5.0L10B | Windows | F3FMihs | TP08431 |
Interstage Application Server Web-J Edition V5.0L10B | Windows | F3FMihs | TP08431 |
Interstage Application Server Enterprise Edition V5.0L20 | Windows | F3FMihs | TP18431 |
Interstage Application Server Standard Edition V5.0L20 | Windows | F3FMihs | TP18431 |
Interstage Application Server Web-J Edition V5.0L20 | Windows | F3FMihs | TP18431 |
Interstage Application Server Plus V5.0L20 | Windows | F3FMihs | TP18431 |
Interstage Application Server Plus Developer V5.0L20 | Windows | F3FMihs | TP18431 |
Interstage Application Server Enterprise Edition V5.0L20A | Windows | F3FMihs | TP18431 |
Interstage Application Server Standard Edition V5.0L20A | Windows | F3FMihs | TP18431 |
Interstage Application Server Web-J Edition V5.0L20A | Windows | F3FMihs | TP18431 |
Interstage Application Server Plus V5.0L20A | Windows | F3FMihs | TP18431 |
Interstage Application Server Enterprise Edition V6.0L10 | Windows | F3FMihs | TP28431 |
Interstage Application Server Standard Edition V6.0L10 | Windows | F3FMihs | TP28431 |
Interstage Application Server Web-J Edition V6.0L10 | Windows | F3FMihs | TP28431 |
Interstage Application Server Plus V6.0L10 | Windows | F3FMihs | TP28431 |
Interstage Application Server Plus Developer V6.0L10 | Windows | F3FMihs | TP28431 |
Interstage Application Server Web-J Edition V6.0L10A | Windows | F3FMihs | TP28431 |
Interstage Application Server Plus V6.0L10A | Windows | F3FMihs | TP28431 |
Interstage Application Server Enterprise Edition V6.0L10B | Windows | F3FMihs | TP28431 |
Interstage Application Server Standard Edition V6.0L10B | Windows | F3FMihs | TP28431 |
Interstage Application Server Web-J Edition V6.0L10B | Windows | F3FMihs | TP28431 |
Interstage Application Server Plus V6.0L10B | Windows | F3FMihs | TP28431 |
Interstage Application Server Enterprise Edition V6.0L10C | Windows | F3FMihs | TP48431 |
Interstage Application Server Standard Edition V6.0L10C | Windows | F3FMihs | TP48431 |
Interstage Application Server Web-J Edition V6.0L10C | Windows | F3FMihs | TP48431 |
Interstage Application Server Plus V6.0L10C | Windows | F3FMihs | TP48431 |
Interstage Application Server Enterprise Edition V7.0L10 | Windows | F3FMihs | TP38431 |
Interstage Application Server Standard Edition V7.0L10 | Windows | F3FMihs | TP38431 |
Interstage Application Server Web-J Edition V7.0L10 | Windows | F3FMihs | TP38431 |
Interstage Application Server Plus V7.0L10 | Windows | F3FMihs | TP38431 |
Interstage Application Server Plus Developer V7.0L10 | Windows | F3FMihs | TP38431 |
Interstage Application Server Web-J Edition V7.0L10A | Windows | F3FMihs | TP38431 |
Interstage Application Server Enterprise Edition V7.0L11 | Windows | F3FMihs | TP38431 |
Interstage Application Server Standard Edition V7.0L11 | Windows | F3FMihs | TP38431 |
Interstage Application Server Web-J Edition V7.0L11 | Windows | F3FMihs | TP38431 |
Interstage Application Server Plus V7.0L11 | Windows | F3FMihs | TP38431 |
Interstage Application Server Enterprise Edition 5.0 | Solaris | FJSVihs | 912327-08 |
Interstage Application Server Standard Edition 5.0 | Solaris | FJSVihs | 912327-08 |
Interstage Application Server Web-J Edition 5.0 | Solaris | FJSVihs | 912327-08 |
Interstage Application Server Enterprise Edition 5.0.1 | Solaris | FJSVihs | 912499-06 |
Interstage Application Server Standard Edition 5.0.1 | Solaris | FJSVihs | 912499-06 |
Interstage Application Server Web-J Edition 5.0.1 | Solaris | FJSVihs | 912499-06 |
Interstage Application Server Enterprise Edition 5.1 | Solaris | FJSVihs | 913075-08 |
Interstage Application Server Standard Edition 5.1 | Solaris | FJSVihs | 913075-08 |
Interstage Application Server Web-J Edition 5.1 | Solaris | FJSVihs | 913075-08 |
Interstage Application Server Plus 5.1 | Solaris | FJSVihs | 913075-08 |
Interstage Application Server Enterprise Edition 5.1.1 | Solaris | FJSVihs | 913075-08 |
Interstage Application Server Standard Edition 5.1.1 | Solaris | FJSVihs | 913075-08 |
Interstage Application Server Web-J Edition 5.1.1 | Solaris | FJSVihs | 913075-08 |
Interstage Application Server Plus 5.1.1 | Solaris | FJSVihs | 913075-08 |
Interstage Application Server Enterprise Edition 6.0 | Solaris | FJSVihs | T0103S-04 |
Interstage Application Server Standard Edition 6.0 | Solaris | FJSVihs | T0103S-04 |
Interstage Application Server Web-J Edition 6.0 | Solaris | FJSVihs | T0103S-04 |
Interstage Application Server Plus 6.0 | Solaris | FJSVihs | T0103S-04 |
Interstage Application Server Enterprise Edition 6.0.1 | Solaris | FJSVihs | T0138S-03 |
Interstage Application Server Standard Edition 6.0.1 | Solaris | FJSVihs | T0138S-03 |
Interstage Application Server Web-J Edition 6.0.1 | Solaris | FJSVihs | T0138S-03 |
Interstage Application Server Plus 6.0.1 | Solaris | FJSVihs | T0138S-03 |
Interstage Application Server Enterprise Edition 6.0.2 | Solaris | FJSVihs | T016RS-02 |
Interstage Application Server Standard Edition 6.0.2 | Solaris | FJSVihs | T016RS-02 |
Interstage Application Server Web-J Edition 6.0.2 | Solaris | FJSVihs | T016RS-02 |
Interstage Application Server Plus 6.0.2 | Solaris | FJSVihs | T016RS-02 |
Interstage Application Server Enterprise Edition 7.0 | Solaris | FJSVihs | T013RS-03 |
Interstage Application Server Standard Edition 7.0 | Solaris | FJSVihs | T013RS-03 |
Interstage Application Server Web-J Edition 7.0 | Solaris | FJSVihs | T013RS-03 |
Interstage Application Server Plus 7.0 | Solaris | FJSVihs | T013RS-03 |
Interstage Application Server Enterprise Edition 7.0.1 | Solaris | FJSVihs | T023AS-01 |
Interstage Application Server Standard Edition 7.0.1 | Solaris | FJSVihs | T023AS-01 |
Interstage Application Server Web-J Edition 7.0.1 | Solaris | FJSVihs | T023AS-01 |
Interstage Application Server Plus 7.0.1 | Solaris | FJSVihs | T023AS-01 |
Interstage Application Server Enterprise Edition V5.0L10 (Note) | Turbolinux 7 Server | FJSVihs | T00019-07 |
Interstage Application Server Standard Edition V5.0L10 (Note) | Turbolinux 7 Server | FJSVihs | T00019-07 |
Interstage Application Server Web-J Edition V5.0L10 (Note) | Turbolinux 7 Server | FJSVihs | T00019-07 |
Interstage Application Server Enterprise Edition V5.0L11 (Note) | Turbolinux 7 Server, RHEL-AS2.1(x86)/ES2.1(x86) | FJSVihs | T00034-06 |
Interstage Application Server Standard Edition V5.0L11 (Note) | Turbolinux 7 Server, RHEL-AS2.1(x86)/ES2.1(x86) | FJSVihs | T00034-06 |
Interstage Application Server Web-J Edition V5.0L11 (Note) | Turbolinux 7 Server, RHEL-AS2.1(x86)/ES2.1(x86) | FJSVihs | T00034-06 |
Interstage Application Server Enterprise Edition V5.0L20 | Turbolinux 7 Server, RHEL-AS2.1(x86)/ES2.1(x86) | FJSVihs | T00091-05 |
Interstage Application Server Standard Edition V5.0L20 | Turbolinux 7 Server, RHEL-AS2.1(x86)/ES2.1(x86) | FJSVihs | T00091-05 |
Interstage Application Server Web-J Edition V5.0L20 (Note) | Turbolinux 7 Server, Turbolinux 8 Server, RHEL-AS2.1(x86)/ES2.1(x86) | FJSVihs | T00091-05 |
Interstage Application Server Plus V5.0L20 | Turbolinux 7 Server, RHEL-AS2.1(x86)/ES2.1(x86) | FJSVihs | T00091-05 |
Interstage Application Server Enterprise Edition V6.0L10 | RHEL-AS3(x86)/ES3(x86) | FJSVihs | T00258-04 |
Interstage Application Server Standard Edition V6.0L10 | RHEL-AS3(x86)/ES3(x86) | FJSVihs | T00258-04 |
Interstage Application Server Web-J Edition V6.0L10 (Note) | RHEL-AS2.1(x86)/ES2.1(x86) | FJSVihs | T00258-04 |
Interstage Application Server Plus V6.0L10 | RHEL-AS2.1(x86)/ES2.1(x86) | FJSVihs | T00258-04 |
Interstage Application Server Web-J Edition V6.0L11 (Note) | RHEL-AS2.1(x86)/ES2.1(x86)/AS3(x86)/ES3(x86) | FJSVihs | T00258-04 |
Interstage Application Server Plus V6.0L11 | RHEL-AS2.1(x86)/ES2.1(x86)/AS3(x86)/ES3(x86) | FJSVihs | T00258-04 |
Interstage Application Server Enterprise Edition V7.0L10 | RHEL-AS4(IPF) | FJSVihs | - |
Interstage Application Server Enterprise Edition V7.0L10 | RHEL-AS3(x86)/ES3(x86) | FJSVihs | T00603-02 |
Interstage Application Server Standard Edition V7.0L10 | RHEL-AS3(x86)/ES3(x86) | FJSVihs | T00603-02 |
Interstage Application Server Web-J Edition V7.0L10 (Note) | RHEL-AS3(x86)/ES3(x86) | FJSVihs | T00603-02 |
Interstage Application Server Plus V7.0L10 | RHEL-AS3(x86)/ES3(x86) | FJSVihs | T00603-02 |
Interstage Application Server Enterprise Edition V7.0L11 | RHEL-AS3(x86)/ES3(x86)/AS4(x86) | FJSVihs | T00603-02 |
Interstage Application Server Standard Edition V7.0L11 | RHEL-AS3(x86)/ES3(x86)/AS4(x86) | FJSVihs | T00603-02 |
Interstage Application Server Web-J Edition V7.0L11 (Note) | RHEL-AS3(x86)/ES3(x86)/AS4(x86) | FJSVihs | T00603-02 |
Interstage Application Server Plus V7.0L11 | RHEL-AS3(x86)/ES3(x86)/AS4(x86) | FJSVihs | T00603-02 |
Products marked (Note) do not support the online collation function, so vulnerability 3) does not apply to them.
Product name | Target OS | Package name | Patch ID |
---|---|---|---|
Interstage Apworks Enterprise Edition V6.0L10 | Windows | F3FMihs | TP28431 |
Interstage Apworks Standard Edition V6.0L10 | Windows | F3FMihs | TP28431 |
Interstage Apworks Modelers-J Edition V6.0L10 | Windows | F3FMihs | TP28431 |
Interstage Apworks Enterprise Edition V6.0L10A | Windows | F3FMihs | TP28431 |
Interstage Apworks Standard Edition V6.0L10A | Windows | F3FMihs | TP28431 |
Interstage Apworks Modelers-J Edition V6.0L10A | Windows | F3FMihs | TP28431 |
Interstage Apworks Enterprise Edition V6.0L10B | Windows | F3FMihs | TP28431 |
Interstage Apworks Enterprise Edition V7.0L10 | Windows | F3FMihs | TP38431 |
Interstage Apworks Standard Edition V7.0L10 | Windows | F3FMihs | TP38431 |
Interstage Apworks Modelers-J Edition V7.0L10 | Windows | F3FMihs | TP38431 |
Product name | Target OS | Package name | Patch ID |
---|---|---|---|
Interstage Business Application Server Enterprise Edition 7.0 | Solaris | FJSVihs | T013RS-03 |
Interstage Business Application Server Enterprise Edition 7.0.1 | Solaris | FJSVihs | T013RS-03 |
Product name | Target OS | Package name | Patch ID |
---|---|---|---|
Systemwalker Resource Coordinator 12.1 | Solaris | FJSVihs | T013RS-03 |
Systemwalker Resource Coordinator 12.2 | Solaris | FJSVihs | T023AS-01 |
Systemwalker Resource Coordinator V12.0L20 | RHEL-AS3(x86)/ES3(x86) | FJSVihs | T00603-02 |
Systemwalker Resource Coordinator V12.0L30 | RHEL-AS3(x86)/ES3(x86) | FJSVihs | T00603-02 |
For the Linux patches listed above, please contact the Linux support desk (paid).
For details such as how to obtain this fix, please contact our support desk.
4. Revision History
- June 5, 2006: Initial publication