Interstage HTTP Serverにおけるクロスサイトスクリプティング(XSS)の問題(CVE-2007-5000) (2008年12月17日)


本セキュリティサイトについてのご注意

1.脆弱性の説明

Interstage HTTP Serverのイメージマップ機能において、クロスサイトスクリプティン グ(XSS)脆弱性の問題が確認されました。本脆弱性問題は、CVE-2007-5000に該当します。

富士通は、3.に示すセキュリティパッチを提供していますので、早急に適用する様に お願いします。

Interstage製品については以下のページを参照してください。
https://www.fujitsu.com/jp/products/software/middleware/business-middleware/interstage/

2. 脆弱性のもたらす脅威

クロスサイトスクリプティング(XSS)の脆弱性を利用すると、ユーザのWebブラウザ上で任意のスクリプトを実行される可能性があります。

3. 該当システム・対策情報

3-1.該当システム

GP7000F, PRIMEPOWER, GP-S, PRIMERGY, GP5000, CELSIUS, FMVシリーズ, AT互換機, PRIMEQUEST, SPARC Enterprise

3-2.該当製品・対策Patch

注意)後述する回避方法は、製品ごとに設定内容が異なるものがあります。製品名末尾の括弧内記載記号は、回避方法(3)の設定内容に対応しています。

Interstage Application Server
Interstage Web Server
Interstage Application Framework Suite
Interstage Apworks
Interstage Studio
Interstage Business Application Server
Interstage Job Workload Server
Systemwalker Resource Coordinator

Interstage Application Server
製品名対象OSパッケージ名Patch ID
Interstage Application Server Enterprise Edition V5.0L10 [a]WindowsF3FMihsTP09823
Interstage Application Server Standard Edition V5.0L10 [a]WindowsF3FMihsTP09823
Interstage Application Server Web-J Edition V5.0L10 [a]WindowsF3FMihsTP09823
Interstage Application Server Enterprise Edition V5.0L10A [a]WindowsF3FMihsTP09823
Interstage Application Server Standard Edition V5.0L10A [a]WindowsF3FMihsTP09823
Interstage Application Server Web-J Edition V5.0L10A [a]WindowsF3FMihsTP09823
Interstage Application Server Enterprise Edition V5.0L10B [a]WindowsF3FMihsTP09823
Interstage Application Server Standard Edition V5.0L10B [a]WindowsF3FMihsTP09823
Interstage Application Server Web-J Edition V5.0L10B [a]WindowsF3FMihsTP09823
Interstage Application Server Enterprise Edition V5.0L20 [a]WindowsF3FMihsTP19823
Interstage Application Server Standard Edition V5.0L20 [a]WindowsF3FMihsTP19823
Interstage Application Server Web-J Edition V5.0L20 [a]WindowsF3FMihsTP19823
Interstage Application Server Plus V5.0L20 [a]WindowsF3FMihsTP19823
Interstage Application Server Plus Developer V5.0L20 [a]WindowsF3FMihsTP19823
Interstage Application Server Enterprise Edition V5.0L20A [a]WindowsF3FMihsTP19823
Interstage Application Server Standard Edition V5.0L20A [a]WindowsF3FMihsTP19823
Interstage Application Server Web-J Edition V5.0L20A [a]WindowsF3FMihsTP19823
Interstage Application Server Plus V5.0L20A [a]WindowsF3FMihsTP19823
Interstage Application Server Enterprise Edition V6.0L10 [a]WindowsF3FMihsTP29823
Interstage Application Server Standard Edition V6.0L10 [a]WindowsF3FMihsTP29823
Interstage Application Server Web-J Edition V6.0L10 [a]WindowsF3FMihsTP29823
Interstage Application Server Plus V6.0L10 [a]WindowsF3FMihsTP29823
Interstage Application Server Plus Developer V6.0L10 [a]WindowsF3FMihsTP29823
Interstage Application Server Web-J Edition V6.0L10A [a]WindowsF3FMihsTP29823
Interstage Application Server Plus V6.0L10A [a]WindowsF3FMihsTP29823
Interstage Application Server Enterprise Edition V6.0L10B [a]WindowsF3FMihsTP29823
Interstage Application Server Standard Edition V6.0L10B [a]WindowsF3FMihsTP29823
Interstage Application Server Web-J Edition V6.0L10B [a]WindowsF3FMihsTP29823
Interstage Application Server Plus V6.0L10B [a]WindowsF3FMihsTP29823
Interstage Application Server Enterprise Edition V6.0L10C [a]WindowsF3FMihsTP49823
Interstage Application Server Standard Edition V6.0L10C [a]WindowsF3FMihsTP49823
Interstage Application Server Web-J Edition V6.0L10C [a]WindowsF3FMihsTP49823
Interstage Application Server Plus V6.0L10C [a]WindowsF3FMihsTP49823
Interstage Application Server Enterprise Edition V7.0L10 [a]WindowsF3FMihsTP39823
Interstage Application Server Standard Edition V7.0L10 [a]WindowsF3FMihsTP39823
Interstage Application Server Web-J Edition V7.0L10 [a]WindowsF3FMihsTP39823
Interstage Application Server Plus V7.0L10 [a]WindowsF3FMihsTP39823
Interstage Application Server Plus Developer V7.0L10 [a]WindowsF3FMihsTP39823
Interstage Application Server Web-J Edition V7.0L10A [a]WindowsF3FMihsTP39823
Interstage Application Server Enterprise Edition V7.0L11 [a]WindowsF3FMihsTP39823
Interstage Application Server Standard Edition V7.0L11 [a]WindowsF3FMihsTP39823
Interstage Application Server Web-J Edition V7.0L11 [a]WindowsF3FMihsTP39823
Interstage Application Server Plus V7.0L11 [a]WindowsF3FMihsTP39823
Interstage Application Server Enterprise Edition 8.0.0 [a]WindowsF3FMihsT000106WP-04
Interstage Application Server Standard-J Edition 8.0.0 [a]WindowsF3FMihsT000106WP-04
Interstage Application Server Web-J Edition 8.0.0 [a]WindowsF3FMihsT000106WP-04
Interstage Application Server Enterprise Edition 8.0.1 [a]WindowsF3FMihsT000106WP-04
Interstage Application Server Standard-J Edition 8.0.1 [a]WindowsF3FMihsT000106WP-04
Interstage Application Server Web-J Edition 8.0.1 [a]WindowsF3FMihsT000106WP-04
Interstage Application Server Enterprise Edition 8.0.3 [a]WindowsF3FMihsT000106WP-04
Interstage Application Server Standard-J Edition 8.0.3 [a]WindowsF3FMihsT000106WP-04
Interstage Application Server Web-J Edition 8.0.3 [a]WindowsF3FMihsT000106WP-04
Interstage Application Server Enterprise Edition V9.0.0 [b]WindowsF3FMihsT001001WP-02
Interstage Application Server Standard-J Edition V9.0.0 [b]WindowsF3FMihsT001001WP-02
Interstage Application Server Enterprise Edition 5.0 [c]SolarisFJSVihs912327-11
Interstage Application Server Standard Edition 5.0 [c]SolarisFJSVihs912327-11
Interstage Application Server Web-J Edition 5.0 [c]SolarisFJSVihs912327-11
Interstage Application Server Enterprise Edition 5.0.1 [c]SolarisFJSVihs912499-09
Interstage Application Server Standard Edition 5.0.1 [c]SolarisFJSVihs912499-09
Interstage Application Server Web-J Edition 5.0.1 [c]SolarisFJSVihs912499-09
Interstage Application Server Enterprise Edition 5.1 [c]SolarisFJSVihs913075
Interstage Application Server Standard Edition 5.1 [c]SolarisFJSVihs913075
Interstage Application Server Web-J Edition 5.1 [c]SolarisFJSVihs913075
Interstage Application Server Plus 5.1 [c]SolarisFJSVihs913075
Interstage Application Server Enterprise Edition 5.1.1 [c]SolarisFJSVihs913075
Interstage Application Server Standard Edition 5.1.1 [c]SolarisFJSVihs913075
Interstage Application Server Web-J Edition 5.1.1 [c]SolarisFJSVihs913075
Interstage Application Server Plus 5.1.1 [c]SolarisFJSVihs913075
Interstage Application Server Enterprise Edition 6.0 [c]SolarisFJSVihsT0103S-07
Interstage Application Server Standard Edition 6.0 [c]SolarisFJSVihsT0103S-07
Interstage Application Server Web-J Edition 6.0 [c]SolarisFJSVihsT0103S-07
Interstage Application Server Plus 6.0 [c]SolarisFJSVihsT0103S-07
Interstage Application Server Enterprise Edition 6.0.1 [c]SolarisFJSVihsT0138S-06
Interstage Application Server Standard Edition 6.0.1 [c]SolarisFJSVihsT0138S-06
Interstage Application Server Web-J Edition 6.0.1 [c]SolarisFJSVihsT0138S-06
Interstage Application Server Plus 6.0.1 [c]SolarisFJSVihsT0138S-06
Interstage Application Server Enterprise Edition 6.0.2 [c]SolarisFJSVihsT016RS-05
Interstage Application Server Standard Edition 6.0.2 [c]SolarisFJSVihsT016RS-05
Interstage Application Server Web-J Edition 6.0.2 [c]SolarisFJSVihsT016RS-05
Interstage Application Server Plus 6.0.2 [c]SolarisFJSVihsT016RS-05
Interstage Application Server Enterprise Edition 7.0 [c]SolarisFJSVihsT013RS-06
Interstage Application Server Standard Edition 7.0 [c]SolarisFJSVihsT013RS-06
Interstage Application Server Web-J Edition 7.0 [c]SolarisFJSVihsT013RS-06
Interstage Application Server Plus 7.0 [c]SolarisFJSVihsT013RS-06
Interstage Application Server Enterprise Edition 7.0.1 [c]SolarisFJSVihsT023AS-05
Interstage Application Server Standard Edition 7.0.1 [c]SolarisFJSVihsT023AS-05
Interstage Application Server Web-J Edition 7.0.1 [c]SolarisFJSVihsT023AS-05
Interstage Application Server Plus 7.0.1 [c]SolarisFJSVihsT023AS-05
Interstage Application Server Enterprise Edition 8.0.0 [c]SolarisFJSVihsT000180SP-04
Interstage Application Server Standard-J Edition 8.0.0 [c]SolarisFJSVihsT000180SP-04
Interstage Application Server Web-J Edition 8.0.0 [c]SolarisFJSVihsT000180SP-04
Interstage Application Server Enterprise Edition 8.0.3 [c]SolarisFJSVihsT000180SP-04
Interstage Application Server Standard-J Edition 8.0.3 [c]SolarisFJSVihsT000180SP-04
Interstage Application Server Web-J Edition 8.0.3 [c]SolarisFJSVihsT000180SP-04
Interstage Application Server Enterprise Edition V9.0.0 [d]SolarisFJSVihsT001004SP-04
Interstage Application Server Standard-J Edition V9.0.0 [d]SolarisFJSVihsT001004SP-04
Interstage Application Server Enterprise Edition V5.0L10 [c]Turbolinux 7 ServerFJSVihsT00019-10
Interstage Application Server Standard Edition V5.0L10 [c]Turbolinux 7 ServerFJSVihsT00019-10
Interstage Application Server Web-J Edition V5.0L10 [c]Turbolinux 7 ServerFJSVihsT00019-10
Interstage Application Server Enterprise Edition V5.0L11 [c]Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86)FJSVihsT00034-09
Interstage Application Server Standard Edition V5.0L11 [c]Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86)FJSVihsT00034-09
Interstage Application Server Web-J Edition V5.0L11 [c]Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86)FJSVihsT00034-09
Interstage Application Server Enterprise Edition V5.0L20 [c]Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86)FJSVihsT00091-08
Interstage Application Server Standard Edition V5.0L20 [c]Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86)FJSVihsT00091-08
Interstage Application Server Web-J Edition V5.0L20 [c]Turbolinux 7 Server/ Turbolinux 8 Server/ RHEL-AS2.1(x86)/ ES2.1(x86)FJSVihsT00091-08
Interstage Application Server Plus V5.0L20 [c]Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86)FJSVihsT00091-08
Interstage Application Server Enterprise Edition V6.0L10 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00258-07
Interstage Application Server Standard Edition V6.0L10 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00258-07
Interstage Application Server Web-J Edition V6.0L10 [c]RHEL-AS2.1(x86)/ ES2.1(x86)FJSVihsT00258-07
Interstage Application Server Plus V6.0L10 [c]RHEL-AS2.1(x86)/ ES2.1(x86)FJSVihsT00258-07
Interstage Application Server Web-J Edition V6.0L11 [c]RHEL-AS2.1(x86)/ ES2.1(x86)/ AS3(x86)/ ES3(x86)FJSVihsT00258-07
Interstage Application Server Plus V6.0L11 [c]RHEL-AS2.1(x86)/ ES2.1(x86)/ AS3(x86)/ ES3(x86)FJSVihsT00258-07
Interstage Application Server Enterprise Edition V7.0L10 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00603-05
Interstage Application Server Standard Edition V7.0L10 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00603-05
Interstage Application Server Web-J Edition V7.0L10 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00603-05
Interstage Application Server Plus V7.0L10 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00603-05
Interstage Application Server Enterprise Edition V7.0L11 [c]RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVihsT00603-05
Interstage Application Server Standard Edition V7.0L11 [c]RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVihsT00603-05
Interstage Application Server Web-J Edition V7.0L11 [c]RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVihsT00603-05
Interstage Application Server Plus V7.0L11 [c]RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVihsT00603-05
Interstage Application Server Enterprise Edition 8.0.0 [c]RHEL-AS4(x86)/ AS4(EM64T)FJSVihsT000181LP-03
Interstage Application Server Standard-J Edition 8.0.0 [c]RHEL-AS4(x86)/ AS4(EM64T)FJSVihsT000181LP-03
Interstage Application Server Web-J Edition 8.0.0 [c]RHEL-AS4(x86)/ AS4(EM64T)FJSVihsT000181LP-03
Interstage Application Server Enterprise Edition 8.0.3 [c]RHEL-AS4(x86)/ AS4(EM64T)FJSVihsT000181LP-03
Interstage Application Server Standard-J Edition 8.0.3 [c]RHEL-AS4(x86)/ AS4(EM64T)FJSVihsT000181LP-03
Interstage Application Server Web-J Edition 8.0.3 [c]RHEL-AS4(x86)/ AS4(EM64T)FJSVihsT000181LP-03
Interstage Application Server Enterprise Edition V9.0.0 [d]RHEL-AS4(x86)/ AS4(EM64T)FJSVihsT001003LP-02
Interstage Application Server Enterprise Edition V9.0.0 [d]RHEL5(x86)/ RHEL5(Intel64)FJSVihsT001044LP-02
Interstage Application Server Standard-J Edition V9.0.0 [d]RHEL-AS4(x86)/ AS4(EM64T)FJSVihsT001003LP-02
Interstage Application Server Standard-J Edition V9.0.0 [d]RHEL5(x86)/ RHEL5(Intel64)FJSVihsT001044LP-02
Interstage Application Server Enterprise Edition V9.0.1 [d]RHEL-AS4(x86)/ AS4(EM64T)FJSVihsT001003LP-02
Interstage Application Server Enterprise Edition V9.0.1 [d]RHEL5(x86)/ RHEL5(Intel64)FJSVihsT001044LP-02
Interstage Application Server Standard-J Edition V9.0.1 [d]RHEL-AS4(x86)/ AS4(EM64T)FJSVihsT001003LP-02
Interstage Application Server Standard-J Edition V9.0.1 [d]RHEL5(x86)/ RHEL5(Intel64)FJSVihsT001044LP-02
Interstage Application Server Enterprise Edition V7.0L10 [c]RHEL-AS4(IPF)FJSVihsT000178QP-03
Interstage Application Server Enterprise Edition 8.0.0 [c]RHEL-AS4(IPF)FJSVihsT000179QP-03
Interstage Application Server Enterprise Edition 8.0.1 [c]RHEL-AS4(IPF)FJSVihsT000179QP-03
Interstage Application Server Enterprise Edition 8.0.3 [c]RHEL-AS4(IPF)FJSVihsT000179QP-03
Interstage Application Server Enterprise Edition V9.0.0 [d]RHEL-AS4(IPF)FJSVihsT001002QP-02
Interstage Application Server Enterprise Edition V9.0.0 [d]RHEL5(IPF)FJSVihsT001043QP-02
Interstage Application Server Standard-J Edition V9.0.0 [d]RHEL-AS4(IPF)FJSVihsT001002QP-02
Interstage Application Server Standard-J Edition V9.0.0 [d]RHEL5(IPF)FJSVihsT001043QP-02
Interstage Application Server Enterprise Edition 8.0.0 [a]Windows(IPF)F3FMihsT001000IP-02
Interstage Application Server Enterprise Edition 8.0.3 [a]Windows(IPF)F3FMihsT001000IP-02
Interstage Application Server Enterprise Edition V9.0.0 [b]Windows(IPF)F3FMihsT001005IP-02
Interstage Application Server Standard-J Edition V9.0.0 [b]Windows(IPF)F3FMihsT001005IP-02
Interstage Web Server
製品名対象OSパッケージ名Patch ID
Interstage Web Server V9.0.0 [b]WindowsF3FMihsT001001WP-02
Interstage Web Server V9.0.0 [d]SolarisFJSVihsT001004SP-04
Interstage Web Server V9.0.0 [d]RHEL-AS4(x86)/ AS4(EM64T)FJSVihsT001003LP-02
Interstage Web Server V9.0.0 [d]RHEL5(x86)/ RHEL5(Intel64)FJSVihsT001044LP-02
Interstage Web Server V9.0.1 [d]RHEL-AS4(x86)/ AS4(EM64T)FJSVihsT001003LP-02
Interstage Web Server V9.0.1 [d]RHEL5(x86)/ RHEL5(Intel64)FJSVihsT001044LP-02
Interstage Application Framework Suite
製品名対象OSパッケージ名Patch ID
Interstage Application Framework Suite Enterprise Edition V6.0L10 [a]WindowsF3FMihsTP29823
Interstage Application Framework Suite Standard Edition V6.0L10 [a]WindowsF3FMihsTP29823
Interstage Application Framework Suite Web Edition V6.0L10 [a]WindowsF3FMihsTP29823
Interstage Application Framework Suite Web Edition V6.0L10A [a]WindowsF3FMihsTP29823
Interstage Application Framework Suite Enterprise Edition V6.0L10B [a]WindowsF3FMihsTP29823
Interstage Application Framework Suite Standard Edition V6.0L10B [a]WindowsF3FMihsTP29823
Interstage Application Framework Suite Web Edition V6.0L10B [a]WindowsF3FMihsTP29823
Interstage Application Framework Suite Enterprise Edition V6.0L10C [a]WindowsF3FMihsTP49823
Interstage Application Framework Suite Standard Edition V6.0L10C [a]WindowsF3FMihsTP49823
Interstage Application Framework Suite Web Edition V6.0L10C [a]WindowsF3FMihsTP49823
Interstage Application Framework Suite Standard Edition V7.0L10 [a]WindowsF3FMihsTP39823
Interstage Application Framework Suite Web Edition V7.0L10 [a]WindowsF3FMihsTP39823
Interstage Application Framework Suite Standard Edition V7.0L11 [a]WindowsF3FMihsTP39823
Interstage Application Framework Suite Web Edition V7.0L11 [a]WindowsF3FMihsTP39823
Interstage Application Framework Suite Enterprise Edition 6.0 [c]SolarisFJSVihsT0103S-07
Interstage Application Framework Suite Standard Edition 6.0 [c]SolarisFJSVihsT0103S-07
Interstage Application Framework Suite Web Edition 6.0 [c]SolarisFJSVihsT0103S-07
Interstage Application Framework Suite Enterprise Edition 6.0.1 [c]SolarisFJSVihsT0138S-06
Interstage Application Framework Suite Standard Edition 6.0.1 [c]SolarisFJSVihsT0138S-06
Interstage Application Framework Suite Web Edition 6.0.1 [c]SolarisFJSVihsT0138S-06
Interstage Application Framework Suite Enterprise Edition 6.0.2 [c]SolarisFJSVihsT016RS-05
Interstage Application Framework Suite Standard Edition 6.0.2 [c]SolarisFJSVihsT016RS-05
Interstage Application Framework Suite Web Edition 6.0.2 [c]SolarisFJSVihsT016RS-05
Interstage Application Framework Suite Standard Edition 7.0 [c]SolarisFJSVihsT013RS-06
Interstage Application Framework Suite Web Edition 7.0 [c]SolarisFJSVihsT013RS-06
Interstage Application Framework Suite Enterprise Edition 7.0.1 [c]SolarisFJSVihsT013RS-06
Interstage Application Framework Suite Standard Edition 7.0.2 [c]SolarisFJSVihsT023AS-05
Interstage Application Framework Suite Web Edition 7.0.2 [c]SolarisFJSVihsT023AS-05
Interstage Application Framework Suite Enterprise Edition V6.0L10 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00258-07
Interstage Application Framework Suite Standard Edition V6.0L10 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00258-07
Interstage Application Framework Suite Web Edition V6.0L10 [c]RHEL-AS2.1(x86)/ ES2.1(x86)FJSVihsT00258-07
Interstage Application Framework Suite Web Edition V6.0L11 [c]RHEL-AS2.1(x86)/ ES2.1(x86)/ AS3(x86)/ ES3(x86)FJSVihsT00258-07
Interstage Application Framework Suite Standard Edition V7.0L10 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00603-05
Interstage Application Framework Suite Web Edition V7.0L10 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00603-05
Interstage Application Framework Suite Standard Edition V7.0L11 [c]RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVihsT00603-05
Interstage Application Framework Suite Web Edition V7.0L11 [c]RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVihsT00603-05
Interstage Apworks
製品名対象OSパッケージ名Patch ID
Interstage Apworks Enterprise Edition V6.0L10 [a]WindowsF3FMihsTP29823
Interstage Apworks Standard Edition V6.0L10 [a]WindowsF3FMihsTP29823
Interstage Apworks Modelers-J Edition V6.0L10 [a]WindowsF3FMihsTP29823
Interstage Apworks Enterprise Edition V6.0L10A [a]WindowsF3FMihsTP29823
Interstage Apworks Standard Edition V6.0L10A [a]WindowsF3FMihsTP29823
Interstage Apworks Modelers-J Edition V6.0L10A [a]WindowsF3FMihsTP29823
Interstage Apworks Enterprise Edition V6.0L10B [a]WindowsF3FMihsTP29823
Interstage Apworks Enterprise Edition V7.0L10 [a]WindowsF3FMihsTP39823
Interstage Apworks Standard Edition V7.0L10 [a]WindowsF3FMihsTP39823
Interstage Apworks Modelers-J Edition V7.0L10 [a]WindowsF3FMihsTP39823
Interstage Apworks Enterprise Edition 8.0.0 [a]WindowsF3FMihsT000106WP-04
Interstage Apworks Standard-J Edition 8.0.1 [a]WindowsF3FMihsT000106WP-04
Interstage Apworks Enterprise Edition 8.1.0 [a]WindowsF3FMihsT000106WP-04
Interstage Studio
製品名対象OSパッケージ名Patch ID
Interstage Studio Enterprise Edition V9.0.0 [b]WindowsF3FMihsT001001WP-02
Interstage Studio Standard-J Edition V9.0.0 [b]WindowsF3FMihsT001001WP-02
Interstage Studio with UML Modeling Tool V9.0.0 [b]WindowsF3FMihsT001001WP-02
Interstage Studio Enterprise Edition V9.0.0A [b]WindowsF3FMihsT001001WP-02
Interstage Studio Standard-J Edition V9.0.0A [b]WindowsF3FMihsT001001WP-02
Interstage Studio Enterprise Edition V9.0.1 [b]WindowsF3FMihsT001001WP-02
Interstage Studio Standard-J Edition V9.0.1 [b]WindowsF3FMihsT001001WP-02
Interstage Business Application Server
製品名対象OSパッケージ名Patch ID
Interstage Business Application Server Standard Edition 8.0.0 [a]WindowsF3FMihsT000106WP-04
Interstage Business Application Server Standard Edition 8.0.1 [a]WindowsF3FMihsT000106WP-04
Interstage Business Application Server Enterprise Edition 7.0 [c]SolarisFJSVihsT013RS-06
Interstage Business Application Server Enterprise Edition 7.0.1 [c]SolarisFJSVihsT013RS-06
Interstage Business Application Server Enterprise Edition 8.0.0 [c]SolarisFJSVihsT000180SP-04
Interstage Business Application Server Standard Edition 8.0.0 [c]SolarisFJSVihsT000180SP-04
Interstage Business Application Server Enterprise Edition 8.0.1 [c]SolarisFJSVihsT000180SP-04
Interstage Business Application Server Standard Edition 8.0.0 [c]RHEL-AS4(x86)/ AS4(EM64T)FJSVihsT000181LP-03
Interstage Business Application Server Enterprise Edition 8.0.0 [c]RHEL-AS4(IPF)FJSVihsT000179QP-03
Interstage Business Application Server Standard Edition 8.0.0 [c]RHEL-AS4(IPF)FJSVihsT000179QP-03
Interstage Business Application Server Enterprise Edition 8.0.1 [c]RHEL-AS4(IPF)FJSVihsT000179QP-03
Interstage Business Application Server Standard Edition 8.0.1 [c]RHEL-AS4(IPF)FJSVihsT000179QP-03
Interstage Job Workload Server
製品名対象OSパッケージ名Patch ID
Interstage Job Workload Server 8.1.1 [c]SolarisFJSVihsT000180SP-04
Interstage Job Workload Server 8.0.0 [c]RHEL-AS4(IPF)FJSVihsT000179QP-03
Interstage Job Workload Server 8.0.1 [c]RHEL-AS4(IPF)FJSVihsT000179QP-03
Interstage Job Workload Server 8.1.0 [c]RHEL-AS4(IPF)FJSVihsT000179QP-03
Interstage Job Workload Server 8.1.1 [c]RHEL-AS4(IPF)FJSVihsT000179QP-03
Systemwalker Resource Coordinator
製品名対象OSパッケージ名Patch ID
Systemwalker Resource Coordinator 12.1 [c]SolarisFJSVihsT013RS-06
Systemwalker Resource Coordinator 12.2 [c]SolarisFJSVihsT023AS-05
Systemwalker Resource Coordinator V12.0L20 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00603-05
Systemwalker Resource Coordinator V12.0L30 [c]RHEL-AS3(x86)/ ES3(x86)FJSVihsT00603-05

参考: 該当製品の確認方法

製品のバージョンを確認するには、製品に添付の「ソフトウェア説明書」を参照してください。

3-3. 回避方法

以下のいずれかの方法で、環境定義ファイル(httpd.conf)を編集し、回避してください。編集後は、Interstage HTTP Serverを再起動する必要があります。

      (1) AddHandlerディレクティブに"imap-file 拡張子"が設定されている場合は、 AddHandlerディレクティブを削除するか、または先頭にハッシュマーク(#)を追加してコメント行にすることで、イメージマップ機能を無効にします。

#AddHandler imap-file .map

      (2) (1)が不可の場合、ImapMenuディレクティブに"none"を指定して、イメージマップ機能によるメニュー表示を無効にします。

ImapMenu none

      (3) (1) (2) いずれも不可の場合、以下を設定することで、メニュー表示ページの文字エンコードを明示し、またマップファイルに対する不適切な指定を拒否します。

  • 製品[a]の場合
    LoadModule rewrite_module modules/mod_rewrite.so

    AddModule mod_rewrite.c
    AddModule mod_imap.c

    AddHandler imap-file .map
    <FilesMatch .*\.map$>
      AddDefaultCharset Shift_JIS
      RewriteEngine On
      RewriteCond %{REQUEST_URI} .*\.map/.*
      RewriteRule .* - [F]
    </FilesMatch>
  • 製品[b]の場合
    LoadModule imap_module "C:/Interstage/F3FMihs/modules/mod_imap.so"
    LoadModule rewrite_module "C:/Interstage/F3FMihs/modules/mod_rewrite.so"

    AddHandler imap-file .map
    <FilesMatch .*\.map$>
      AddDefaultCharset Shift_JIS
      RewriteEngine On
      RewriteCond %{REQUEST_URI} .*\.map/.*
      RewriteRule .* - [F]
    </FilesMatch>
  • 製品[c]の場合
    LoadModule rewrite_module     libexec/mod_rewrite.so
    LoadModule imap_module        libexec/mod_imap.so

    AddModule mod_rewrite.c
    AddModule mod_imap.c

    AddHandler imap-file .map
    <FilesMatch .*\.map$>
      AddDefaultCharset Shift_JIS
      RewriteEngine On
      RewriteCond %{REQUEST_URI} .*\.map/.*
      RewriteRule .* - [F]
    </FilesMatch>
  • 製品[d]の場合
    LoadModule imap_module "/opt/FJSVihs/modules/mod_imap.so"
    LoadModule rewrite_module "/opt/FJSVihs/modules/mod_rewrite.so"

    AddHandler imap-file .map
    <FilesMatch .*\.map$>
      AddDefaultCharset Shift_JIS
      RewriteEngine On
      RewriteCond %{REQUEST_URI} .*\.map/.*
      RewriteRule .* - [F]
    </FilesMatch>
(注意)
  • mod_imap.so、およびmod_rewrite.soのパスは、インストールパスにあわせて変更してください。
  • <FilesMatch>ディレクティブ、およびRewriteCondディレクティブの正規表現は実際にマップファイルに使用する拡張子にあわせて指定してください。
  • AddDefaultCharsetディレクティブには実際にマップファイルに使用している文字セットを指定してください。

4. 関連情報

  • CVE-2007-5000
    Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
  • JVN#80057925
    「Apache HTTP Server の mod_imap および mod_imagemap におけるクロスサイトスク リプティングの脆弱性」
    http://jvn.jp/jp/JVN80057925/index.html

5. 改版履歴

  • 2008年12月17日
    • 「3. 該当システム・パッチ情報」に Patch 情報 を追加
    • 「参考: 該当製品の確認方法」を記載
  • 2008年1月17日 新規掲載

ページの先頭へ