Interstage HTTP Server: サーバステータス監視機能におけるセキュリティ脆弱性問題(CVE-2007-6388) (2008年12月17日)

1.脆弱性の説明

Interstage HTTP Serverのサーバステータス監視機能において、クライアントの意図しないサイトに接続される問題が確認されました。本脆弱性問題は、CVE-2007-6388に該当します。

富士通は、3.に示すセキュリティパッチを提供していますので、早急に適用する様にお願いします。

Interstage製品については以下のページを参照してください。
https://www.fujitsu.com/jp/products/software/middleware/business-middleware/interstage/

2. 脆弱性のもたらす脅威

被害者に、悪意のある予期しないサイトを訪問するよう仕向けることで、攻撃者はフィッシングを行ったり、この被害者をクロスサイトスクリプティング(XSS)のあるサイトに導いて被害者のブラウザ上で任意のスクリプトの実行が可能です。

3. 該当システム・対策情報

3-1.該当システム

GP7000F, PRIMEPOWER, GP-S, PRIMERGY, GP5000, CELSIUS, FMVシリーズ, AT互換機, PRIMEQUEST, SPARC Enterprise

3-2.該当製品・対策Patch

注意）後述する回避方法は、製品ごとに設定内容が異なるものがあります。製品名末尾の括弧内記載記号は、回避方法の設定内容に対応しています。

・Interstage Application Server
・Interstage Web Server
・Interstage Application Framework Suite
・Interstage Apworks
・Interstage Studio
・Interstage Business Application Server
・Interstage Job Workload Server
・Systemwalker Resource Coordinator

Interstage Application Server
製品名	対象OS	パッケージ名	Patch ID
Interstage Application Server Enterprise Edition V5.0L10 [a]	Windows	F3FMihs	TP09823
Interstage Application Server Standard Edition V5.0L10 [a]	Windows	F3FMihs	TP09823
Interstage Application Server Web-J Edition V5.0L10 [a]	Windows	F3FMihs	TP09823
Interstage Application Server Enterprise Edition V5.0L10A [a]	Windows	F3FMihs	TP09823
Interstage Application Server Standard Edition V5.0L10A [a]	Windows	F3FMihs	TP09823
Interstage Application Server Web-J Edition V5.0L10A [a]	Windows	F3FMihs	TP09823
Interstage Application Server Enterprise Edition V5.0L10B [a]	Windows	F3FMihs	TP09823
Interstage Application Server Standard Edition V5.0L10B [a]	Windows	F3FMihs	TP09823
Interstage Application Server Web-J Edition V5.0L10B [a]	Windows	F3FMihs	TP09823
Interstage Application Server Enterprise Edition V5.0L20 [a]	Windows	F3FMihs	TP19823
Interstage Application Server Standard Edition V5.0L20 [a]	Windows	F3FMihs	TP19823
Interstage Application Server Web-J Edition V5.0L20 [a]	Windows	F3FMihs	TP19823
Interstage Application Server Plus V5.0L20 [a]	Windows	F3FMihs	TP19823
Interstage Application Server Plus Developer V5.0L20 [a]	Windows	F3FMihs	TP19823
Interstage Application Server Enterprise Edition V5.0L20A [a]	Windows	F3FMihs	TP19823
Interstage Application Server Standard Edition V5.0L20A [a]	Windows	F3FMihs	TP19823
Interstage Application Server Web-J Edition V5.0L20A [a]	Windows	F3FMihs	TP19823
Interstage Application Server Plus V5.0L20A [a]	Windows	F3FMihs	TP19823
Interstage Application Server Enterprise Edition V6.0L10 [a]	Windows	F3FMihs	TP29823
Interstage Application Server Standard Edition V6.0L10 [a]	Windows	F3FMihs	TP29823
Interstage Application Server Web-J Edition V6.0L10 [a]	Windows	F3FMihs	TP29823
Interstage Application Server Plus V6.0L10 [a]	Windows	F3FMihs	TP29823
Interstage Application Server Plus Developer V6.0L10 [a]	Windows	F3FMihs	TP29823
Interstage Application Server Web-J Edition V6.0L10A [a]	Windows	F3FMihs	TP29823
Interstage Application Server Plus V6.0L10A [a]	Windows	F3FMihs	TP29823
Interstage Application Server Enterprise Edition V6.0L10B [a]	Windows	F3FMihs	TP29823
Interstage Application Server Standard Edition V6.0L10B [a]	Windows	F3FMihs	TP29823
Interstage Application Server Web-J Edition V6.0L10B [a]	Windows	F3FMihs	TP29823
Interstage Application Server Plus V6.0L10B [a]	Windows	F3FMihs	TP29823
Interstage Application Server Enterprise Edition V6.0L10C [a]	Windows	F3FMihs	TP49823
Interstage Application Server Standard Edition V6.0L10C [a]	Windows	F3FMihs	TP49823
Interstage Application Server Web-J Edition V6.0L10C [a]	Windows	F3FMihs	TP49823
Interstage Application Server Plus V6.0L10C [a]	Windows	F3FMihs	TP49823
Interstage Application Server Enterprise Edition V7.0L10 [a]	Windows	F3FMihs	TP39823
Interstage Application Server Standard Edition V7.0L10 [a]	Windows	F3FMihs	TP39823
Interstage Application Server Web-J Edition V7.0L10 [a]	Windows	F3FMihs	TP39823
Interstage Application Server Plus V7.0L10 [a]	Windows	F3FMihs	TP39823
Interstage Application Server Plus Developer V7.0L10 [a]	Windows	F3FMihs	TP39823
Interstage Application Server Web-J Edition V7.0L10A [a]	Windows	F3FMihs	TP39823
Interstage Application Server Enterprise Edition V7.0L11 [a]	Windows	F3FMihs	TP39823
Interstage Application Server Standard Edition V7.0L11 [a]	Windows	F3FMihs	TP39823
Interstage Application Server Web-J Edition V7.0L11 [a]	Windows	F3FMihs	TP39823
Interstage Application Server Plus V7.0L11 [a]	Windows	F3FMihs	TP39823
Interstage Application Server Enterprise Edition 8.0.0 [a]	Windows	F3FMihs	T000106WP-04
Interstage Application Server Standard-J Edition 8.0.0 [a]	Windows	F3FMihs	T000106WP-04
Interstage Application Server Web-J Edition 8.0.0 [a]	Windows	F3FMihs	T000106WP-04
Interstage Application Server Enterprise Edition 8.0.1 [a]	Windows	F3FMihs	T000106WP-04
Interstage Application Server Standard-J Edition 8.0.1 [a]	Windows	F3FMihs	T000106WP-04
Interstage Application Server Web-J Edition 8.0.1 [a]	Windows	F3FMihs	T000106WP-04
Interstage Application Server Enterprise Edition 8.0.3 [a]	Windows	F3FMihs	T000106WP-04
Interstage Application Server Standard-J Edition 8.0.3 [a]	Windows	F3FMihs	T000106WP-04
Interstage Application Server Web-J Edition 8.0.3 [a]	Windows	F3FMihs	T000106WP-04
Interstage Application Server Enterprise Edition V9.0.0 [b]	Windows	F3FMihs	T001001WP-02
Interstage Application Server Standard-J Edition V9.0.0 [b]	Windows	F3FMihs	T001001WP-02
Interstage Application Server Enterprise Edition 5.0 [c]	Solaris	FJSVihs	912327-11
Interstage Application Server Standard Edition 5.0 [c]	Solaris	FJSVihs	912327-11
Interstage Application Server Web-J Edition 5.0 [c]	Solaris	FJSVihs	912327-11
Interstage Application Server Enterprise Edition 5.0.1 [c]	Solaris	FJSVihs	912499-09
Interstage Application Server Standard Edition 5.0.1 [c]	Solaris	FJSVihs	912499-09
Interstage Application Server Web-J Edition 5.0.1 [c]	Solaris	FJSVihs	912499-09
Interstage Application Server Enterprise Edition 5.1 [c]	Solaris	FJSVihs	913075-11
Interstage Application Server Standard Edition 5.1 [c]	Solaris	FJSVihs	913075-11
Interstage Application Server Web-J Edition 5.1 [c]	Solaris	FJSVihs	913075-11
Interstage Application Server Plus 5.1 [c]	Solaris	FJSVihs	913075-11
Interstage Application Server Enterprise Edition 5.1.1 [c]	Solaris	FJSVihs	913075-11
Interstage Application Server Standard Edition 5.1.1 [c]	Solaris	FJSVihs	913075-11
Interstage Application Server Web-J Edition 5.1.1 [c]	Solaris	FJSVihs	913075-11
Interstage Application Server Plus 5.1.1 [c]	Solaris	FJSVihs	913075-11
Interstage Application Server Enterprise Edition 6.0 [c]	Solaris	FJSVihs	T0103S-07
Interstage Application Server Standard Edition 6.0 [c]	Solaris	FJSVihs	T0103S-07
Interstage Application Server Web-J Edition 6.0 [c]	Solaris	FJSVihs	T0103S-07
Interstage Application Server Plus 6.0 [c]	Solaris	FJSVihs	T0103S-07
Interstage Application Server Enterprise Edition 6.0.1 [c]	Solaris	FJSVihs	T0138S-06
Interstage Application Server Standard Edition 6.0.1 [c]	Solaris	FJSVihs	T0138S-06
Interstage Application Server Web-J Edition 6.0.1 [c]	Solaris	FJSVihs	T0138S-06
Interstage Application Server Plus 6.0.1 [c]	Solaris	FJSVihs	T0138S-06
Interstage Application Server Enterprise Edition 6.0.2 [c]	Solaris	FJSVihs	T016RS-05
Interstage Application Server Standard Edition 6.0.2 [c]	Solaris	FJSVihs	T016RS-05
Interstage Application Server Web-J Edition 6.0.2 [c]	Solaris	FJSVihs	T016RS-05
Interstage Application Server Plus 6.0.2 [c]	Solaris	FJSVihs	T016RS-05
Interstage Application Server Enterprise Edition 7.0 [c]	Solaris	FJSVihs	T013RS-06
Interstage Application Server Standard Edition 7.0 [c]	Solaris	FJSVihs	T013RS-06
Interstage Application Server Web-J Edition 7.0 [c]	Solaris	FJSVihs	T013RS-06
Interstage Application Server Plus 7.0 [c]	Solaris	FJSVihs	T013RS-06
Interstage Application Server Enterprise Edition 7.0.1 [c]	Solaris	FJSVihs	T023AS-05
Interstage Application Server Standard Edition 7.0.1 [c]	Solaris	FJSVihs	T023AS-05
Interstage Application Server Web-J Edition 7.0.1 [c]	Solaris	FJSVihs	T023AS-05
Interstage Application Server Plus 7.0.1 [c]	Solaris	FJSVihs	T023AS-05
Interstage Application Server Enterprise Edition 8.0.0 [c]	Solaris	FJSVihs	T000180SP-04
Interstage Application Server Standard-J Edition 8.0.0 [c]	Solaris	FJSVihs	T000180SP-04
Interstage Application Server Web-J Edition 8.0.0 [c]	Solaris	FJSVihs	T000180SP-04
Interstage Application Server Enterprise Edition 8.0.3 [c]	Solaris	FJSVihs	T000180SP-04
Interstage Application Server Standard-J Edition 8.0.3 [c]	Solaris	FJSVihs	T000180SP-04
Interstage Application Server Web-J Edition 8.0.3 [c]	Solaris	FJSVihs	T000180SP-04
Interstage Application Server Enterprise Edition V9.0.0 [d]	Solaris	FJSVihs	T001004SP-04
Interstage Application Server Standard-J Edition V9.0.0 [d]	Solaris	FJSVihs	T001004SP-04
Interstage Application Server Enterprise Edition V5.0L10 [c]	Turbolinux 7 Server	FJSVihs	T00019-10
Interstage Application Server Standard Edition V5.0L10 [c]	Turbolinux 7 Server	FJSVihs	T00019-10
Interstage Application Server Web-J Edition V5.0L10 [c]	Turbolinux 7 Server	FJSVihs	T00019-10
Interstage Application Server Enterprise Edition V5.0L11 [c]	Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86)	FJSVihs	T00034-09
Interstage Application Server Standard Edition V5.0L11 [c]	Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86)	FJSVihs	T00034-09
Interstage Application Server Web-J Edition V5.0L11 [c]	Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86)	FJSVihs	T00034-09
Interstage Application Server Enterprise Edition V5.0L20 [c]	Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86)	FJSVihs	T00091-08
Interstage Application Server Standard Edition V5.0L20 [c]	Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86)	FJSVihs	T00091-08
Interstage Application Server Web-J Edition V5.0L20 [c]	Turbolinux 7 Server/ Turbolinux 8 Server/ RHEL-AS2.1(x86)/ ES2.1(x86)	FJSVihs	T00091-08
Interstage Application Server Plus V5.0L20 [c]	Turbolinux 7 Server/ RHEL-AS2.1(x86)/ ES2.1(x86)	FJSVihs	T00091-08
Interstage Application Server Enterprise Edition V6.0L10 [c]	RHEL-AS3(x86)/ ES3(x86)	FJSVihs	T00258-07
Interstage Application Server Standard Edition V6.0L10 [c]	RHEL-AS3(x86)/ ES3(x86)	FJSVihs	T00258-07
Interstage Application Server Web-J Edition V6.0L10 [c]	RHEL-AS2.1(x86)/ ES2.1(x86)	FJSVihs	T00258-07
Interstage Application Server Plus V6.0L10 [c]	RHEL-AS2.1(x86)/ ES2.1(x86)	FJSVihs	T00258-07
Interstage Application Server Web-J Edition V6.0L11 [c]	RHEL-AS2.1(x86)/ ES2.1(x86)/ AS3(x86)/ ES3(x86)	FJSVihs	T00258-07
Interstage Application Server Plus V6.0L11 [c]	RHEL-AS2.1(x86)/ ES2.1(x86)/ AS3(x86)/ ES3(x86)	FJSVihs	T00258-07
Interstage Application Server Enterprise Edition V7.0L10 [c]	RHEL-AS3(x86)/ ES3(x86)	FJSVihs	T00603-05
Interstage Application Server Standard Edition V7.0L10 [c]	RHEL-AS3(x86)/ ES3(x86)	FJSVihs	T00603-05
Interstage Application Server Web-J Edition V7.0L10 [c]	RHEL-AS3(x86)/ ES3(x86)	FJSVihs	T00603-05
Interstage Application Server Plus V7.0L10 [c]	RHEL-AS3(x86)/ ES3(x86)	FJSVihs	T00603-05
Interstage Application Server Enterprise Edition V7.0L11 [c]	RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)	FJSVihs	T00603-05
Interstage Application Server Standard Edition V7.0L11 [c]	RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)	FJSVihs	T00603-05
Interstage Application Server Web-J Edition V7.0L11 [c]	RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)	FJSVihs	T00603-05
Interstage Application Server Plus V7.0L11 [c]	RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)	FJSVihs	T00603-05
Interstage Application Server Enterprise Edition 8.0.0 [c]	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T000181LP-03
Interstage Application Server Standard-J Edition 8.0.0 [c]	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T000181LP-03
Interstage Application Server Web-J Edition 8.0.0 [c]	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T000181LP-03
Interstage Application Server Enterprise Edition 8.0.3 [c]	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T000181LP-03
Interstage Application Server Standard-J Edition 8.0.3 [c]	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T000181LP-03
Interstage Application Server Web-J Edition 8.0.3 [c]	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T000181LP-03
Interstage Application Server Enterprise Edition V9.0.0 [d]	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T001003LP-02
Interstage Application Server Enterprise Edition V9.0.0 [d]	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T001044LP-02
Interstage Application Server Standard-J Edition V9.0.0 [d]	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T001003LP-02
Interstage Application Server Standard-J Edition V9.0.0 [d]	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T001044LP-02
Interstage Application Server Enterprise Edition V9.0.1 [d]	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T001003LP-02
Interstage Application Server Enterprise Edition V9.0.1 [d]	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T001044LP-02
Interstage Application Server Standard-J Edition V9.0.1 [d]	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T001003LP-02
Interstage Application Server Standard-J Edition V9.0.1 [d]	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T001044LP-02
Interstage Application Server Enterprise Edition V7.0L10 [c]	RHEL-AS4(IPF)	FJSVihs	T000178QP-03
Interstage Application Server Enterprise Edition 8.0.0 [c]	RHEL-AS4(IPF)	FJSVihs	T000179QP-03
Interstage Application Server Enterprise Edition 8.0.1 [c]	RHEL-AS4(IPF)	FJSVihs	T000179QP-03
Interstage Application Server Enterprise Edition 8.0.3 [c]	RHEL-AS4(IPF)	FJSVihs	T000179QP-03
Interstage Application Server Enterprise Edition V9.0.0 [d]	RHEL-AS4(IPF)	FJSVihs	T001002QP-02
Interstage Application Server Enterprise Edition V9.0.0 [d]	RHEL5(IPF)	FJSVihs	T001043QP-02
Interstage Application Server Standard-J Edition V9.0.0 [d]	RHEL-AS4(IPF)	FJSVihs	T001002QP-02
Interstage Application Server Standard-J Edition V9.0.0 [d]	RHEL5(IPF)	FJSVihs	T001043QP-02
Interstage Application Server Enterprise Edition 8.0.0 [a]	Windows(IPF)	F3FMihs	T001000IP-02
Interstage Application Server Enterprise Edition 8.0.3 [a]	Windows(IPF)	F3FMihs	T001000IP-02
Interstage Application Server Enterprise Edition V9.0.0 [b]	Windows(IPF)	F3FMihs	T001005IP-02
Interstage Application Server Standard-J Edition V9.0.0 [b]	Windows(IPF)	F3FMihs	T001005IP-02

Interstage Web Server
製品名	対象OS	パッケージ名	Patch ID
Interstage Web Server V9.0.0 [b]	Windows	F3FMihs	T001001WP-02
Interstage Web Server V9.0.0 [d]	Solaris	FJSVihs	T001004SP-04
Interstage Web Server V9.0.0 [d]	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T001003LP-02
Interstage Web Server V9.0.0 [d]	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T001044LP-02
Interstage Web Server V9.0.1 [d]	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T001003LP-02
Interstage Web Server V9.0.1 [d]	RHEL5(x86)/ RHEL5(Intel64)	FJSVihs	T001044LP-02

Interstage Application Framework Suite
製品名	対象OS	パッケージ名	Patch ID
Interstage Application Framework Suite Enterprise Edition V6.0L10 [a]	Windows	F3FMihs	TP29823
Interstage Application Framework Suite Standard Edition V6.0L10 [a]	Windows	F3FMihs	TP29823
Interstage Application Framework Suite Web Edition V6.0L10 [a]	Windows	F3FMihs	TP29823
Interstage Application Framework Suite Web Edition V6.0L10A [a]	Windows	F3FMihs	TP29823
Interstage Application Framework Suite Enterprise Edition V6.0L10B [a]	Windows	F3FMihs	TP29823
Interstage Application Framework Suite Standard Edition V6.0L10B [a]	Windows	F3FMihs	TP29823
Interstage Application Framework Suite Web Edition V6.0L10B [a]	Windows	F3FMihs	TP29823
Interstage Application Framework Suite Enterprise Edition V6.0L10C [a]	Windows	F3FMihs	TP49823
Interstage Application Framework Suite Standard Edition V6.0L10C [a]	Windows	F3FMihs	TP49823
Interstage Application Framework Suite Web Edition V6.0L10C [a]	Windows	F3FMihs	TP49823
Interstage Application Framework Suite Standard Edition V7.0L10 [a]	Windows	F3FMihs	TP39823
Interstage Application Framework Suite Web Edition V7.0L10 [a]	Windows	F3FMihs	TP39823
Interstage Application Framework Suite Standard Edition V7.0L11 [a]	Windows	F3FMihs	TP39823
Interstage Application Framework Suite Web Edition V7.0L11 [a]	Windows	F3FMihs	TP39823
Interstage Application Framework Suite Enterprise Edition 6.0 [c]	Solaris	FJSVihs	T0103S-07
Interstage Application Framework Suite Standard Edition 6.0 [c]	Solaris	FJSVihs	T0103S-07
Interstage Application Framework Suite Web Edition 6.0 [c]	Solaris	FJSVihs	T0103S-07
Interstage Application Framework Suite Enterprise Edition 6.0.1 [c]	Solaris	FJSVihs	T0138S-06
Interstage Application Framework Suite Standard Edition 6.0.1 [c]	Solaris	FJSVihs	T0138S-06
Interstage Application Framework Suite Web Edition 6.0.1 [c]	Solaris	FJSVihs	T0138S-06
Interstage Application Framework Suite Enterprise Edition 6.0.2 [c]	Solaris	FJSVihs	T016RS-05
Interstage Application Framework Suite Standard Edition 6.0.2 [c]	Solaris	FJSVihs	T016RS-05
Interstage Application Framework Suite Web Edition 6.0.2 [c]	Solaris	FJSVihs	T016RS-05
Interstage Application Framework Suite Standard Edition 7.0 [c]	Solaris	FJSVihs	T013RS-06
Interstage Application Framework Suite Web Edition 7.0 [c]	Solaris	FJSVihs	T013RS-06
Interstage Application Framework Suite Enterprise Edition 7.0.1 [c]	Solaris	FJSVihs	T013RS-06
Interstage Application Framework Suite Standard Edition 7.0.2 [c]	Solaris	FJSVihs	T023AS-05
Interstage Application Framework Suite Web Edition 7.0.2 [c]	Solaris	FJSVihs	T023AS-05
Interstage Application Framework Suite Enterprise Edition V6.0L10 [c]	RHEL-AS3(x86)/ ES3(x86)	FJSVihs	T00258-07
Interstage Application Framework Suite Standard Edition V6.0L10 [c]	RHEL-AS3(x86)/ ES3(x86)	FJSVihs	T00258-07
Interstage Application Framework Suite Web Edition V6.0L10 [c]	RHEL-AS2.1(x86)/ ES2.1(x86)	FJSVihs	T00258-07
Interstage Application Framework Suite Web Edition V6.0L11 [c]	RHEL-AS2.1(x86)/ ES2.1(x86)/ AS3(x86)/ ES3(x86)	FJSVihs	T00258-07
Interstage Application Framework Suite Standard Edition V7.0L10 [c]	RHEL-AS3(x86)/ ES3(x86)	FJSVihs	T00603-05
Interstage Application Framework Suite Web Edition V7.0L10 [c]	RHEL-AS3(x86)/ ES3(x86)	FJSVihs	T00603-05
Interstage Application Framework Suite Standard Edition V7.0L11 [c]	RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)	FJSVihs	T00603-05
Interstage Application Framework Suite Web Edition V7.0L11 [c]	RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)	FJSVihs	T00603-05

Interstage Apworks
製品名	対象OS	パッケージ名	Patch ID
Interstage Apworks Enterprise Edition V6.0L10 [a]	Windows	F3FMihs	TP29823
Interstage Apworks Standard Edition V6.0L10 [a]	Windows	F3FMihs	TP29823
Interstage Apworks Modelers-J Edition V6.0L10 [a]	Windows	F3FMihs	TP29823
Interstage Apworks Enterprise Edition V6.0L10A [a]	Windows	F3FMihs	TP29823
Interstage Apworks Standard Edition V6.0L10A [a]	Windows	F3FMihs	TP29823
Interstage Apworks Modelers-J Edition V6.0L10A [a]	Windows	F3FMihs	TP29823
Interstage Apworks Enterprise Edition V6.0L10B [a]	Windows	F3FMihs	TP29823
Interstage Apworks Enterprise Edition V7.0L10 [a]	Windows	F3FMihs	TP39823
Interstage Apworks Standard Edition V7.0L10 [a]	Windows	F3FMihs	TP39823
Interstage Apworks Modelers-J Edition V7.0L10 [a]	Windows	F3FMihs	TP39823
Interstage Apworks Enterprise Edition 8.0.0 [a]	Windows	F3FMihs	T000106WP-04
Interstage Apworks Standard-J Edition 8.0.1 [a]	Windows	F3FMihs	T000106WP-04
Interstage Apworks Enterprise Edition 8.1.0 [a]	Windows	F3FMihs	T000106WP-04

Interstage Studio
製品名	対象OS	パッケージ名	Patch ID
Interstage Studio Enterprise Edition V9.0.0 [b]	Windows	F3FMihs	T001001WP-02
Interstage Studio Standard-J Edition V9.0.0 [b]	Windows	F3FMihs	T001001WP-02
Interstage Studio with UML Modeling Tool V9.0.0 [b]	Windows	F3FMihs	T001001WP-02
Interstage Studio Enterprise Edition V9.0.0A [b]	Windows	F3FMihs	T001001WP-02
Interstage Studio Standard-J Edition V9.0.0A [b]	Windows	F3FMihs	T001001WP-02
Interstage Studio Enterprise Edition V9.0.1 [b]	Windows	F3FMihs	T001001WP-02
Interstage Studio Standard-J Edition V9.0.1 [b]	Windows	F3FMihs	T001001WP-02

Interstage Business Application Server
製品名	対象OS	パッケージ名	Patch ID
Interstage Business Application Server Standard Edition 8.0.0 [a]	Windows	F3FMihs	T000106WP-04
Interstage Business Application Server Standard Edition 8.0.1 [a]	Windows	F3FMihs	T000106WP-04
Interstage Business Application Server Enterprise Edition 7.0 [c]	Solaris	FJSVihs	T013RS-06
Interstage Business Application Server Enterprise Edition 7.0.1 [c]	Solaris	FJSVihs	T013RS-06
Interstage Business Application Server Enterprise Edition 8.0.0 [c]	Solaris	FJSVihs	T000180SP-04
Interstage Business Application Server Standard Edition 8.0.0 [c]	Solaris	FJSVihs	T000180SP-04
Interstage Business Application Server Enterprise Edition 8.0.1 [c]	Solaris	FJSVihs	T000180SP-04
Interstage Business Application Server Standard Edition 8.0.0 [c]	RHEL-AS4(x86)/ AS4(EM64T)	FJSVihs	T000181LP-03
Interstage Business Application Server Enterprise Edition 8.0.0 [c]	RHEL-AS4(IPF)	FJSVihs	T000179QP-03
Interstage Business Application Server Standard Edition 8.0.0 [c]	RHEL-AS4(IPF)	FJSVihs	T000179QP-03
Interstage Business Application Server Enterprise Edition 8.0.1 [c]	RHEL-AS4(IPF)	FJSVihs	T000179QP-03
Interstage Business Application Server Standard Edition 8.0.1 [c]	RHEL-AS4(IPF)	FJSVihs	T000179QP-03

Interstage Job Workload Server
製品名	対象OS	パッケージ名	Patch ID
Interstage Job Workload Server 8.1.1 [c]	Solaris	FJSVihs	T000180SP-04
Interstage Job Workload Server 8.0.0 [c]	RHEL-AS4(IPF)	FJSVihs	T000179QP-03
Interstage Job Workload Server 8.0.1 [c]	RHEL-AS4(IPF)	FJSVihs	T000179QP-03
Interstage Job Workload Server 8.1.0 [c]	RHEL-AS4(IPF)	FJSVihs	T000179QP-03
Interstage Job Workload Server 8.1.1 [c]	RHEL-AS4(IPF)	FJSVihs	T000179QP-03

Systemwalker Resource Coordinator
製品名	対象OS	パッケージ名	Patch ID
Systemwalker Resource Coordinator 12.1 [c]	Solaris	FJSVihs	T013RS-06
Systemwalker Resource Coordinator 12.2 [c]	Solaris	FJSVihs	T023AS-05
Systemwalker Resource Coordinator V12.0L20 [c]	RHEL-AS3(x86)/ ES3(x86)	FJSVihs	T00603-05
Systemwalker Resource Coordinator V12.0L30 [c]	RHEL-AS3(x86)/ ES3(x86)	FJSVihs	T00603-05

参考: 該当製品の確認方法

製品のバージョンを確認するには、製品に添付の「ソフトウェア説明書」を参照してください。

3-3. 回避方法

環境定義ファイル(httpd.conf)において、下記ディレクティブを削除するか、または先頭にハッシュマーク(#)を追加してコメント行にすることで、サーバステータス監視機能を無効にしてください。定義編集後はWebサーバを再起動してください。

製品[a]の場合
#LoadModule status_module modules/mod_status.so
#AddModule mod_status.c
#ExtendedStatus On
#<Location /server-status>
#    SetHandler server-status
#    ・
#    ・
#    ・
#</Location>
製品[b]の場合
#LoadModule status_module "C:/Interstage/F3FMihs/modules/mod_status.so"
#ExtendedStatus On
#<Location /server-status>
#    SetHandler server-status
#    ・
#    ・
#    ・
#</Location>
製品[c]の場合
#LoadModule status_module libexec/mod_status.so
#AddModule mod_status.c
#ExtendedStatus On
#<Location /server-status>
#    SetHandler server-status
#    ・
#    ・
#    ・
#</Location>
製品[d]の場合
#LoadModule status_module "/opt/FJSVihs/modules/mod_status.so"
#ExtendedStatus On
#<Location /server-status>
#    SetHandler server-status
#    ・
#    ・
#    ・
#</Location>

4. 関連情報

CVE-2007-6388
Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388

5. 改版履歴

2008年12月17日新規掲載