Interstage Application Server: 情報漏えいの脆弱性について(CVE-2008-2370/CVE-2008-5515) (2010年10月27日)


本セキュリティサイトについてのご注意

1.脆弱性の説明

Servletサービスにおいて、情報漏えいの脆弱性が確認されました。

富士通は、「3. 該当システム・対策情報」にセキュリティパッチ、回避方法を提供していますので、早急に適用する様にお願いします。

Interstage製品については以下のページを参照してください。
https://www.fujitsu.com/jp/products/software/middleware/business-middleware/interstage/

2. 脆弱性のもたらす脅威

Webアプリケーション配下のアクセス制限をつけて保護しているコンテンツまたは内部情報を、遠隔の第三者によって取得される可能性があります。

本脆弱性の深刻度に関しては、「4. 関連情報」に記載のJVNおよびIPAの公開情報内にある、JVN「JPCERT/CCによる脆弱性分析結果」、IPA「本脆弱性の深刻度」を参照願います。

3. 該当システム・対策情報

3-1.該当システム

GP7000F, PRIMEPOWER, GP-S, SPARC Enterprise, PRIMERGY, GP5000, CELSIUS, FMVシリーズ, AT互換機, PRIMEQUEST

3-2.該当製品・対策Patch

Interstage Application Framework Suite
Interstage Application Server
Interstage Apworks/Studio
Interstage Business Application Server
Interstage Job Workload Server
Interstage Web Server

Interstage Application Framework Suite
製品名対象OSパッケージ名Patch ID
Interstage Application Framework Suite Enterprise Edition 6.0Solaris 7, 8, 9FJSVjs4T0114S-07
Interstage Application Framework Suite Enterprise Edition 6.0.1Solaris 7, 8, 9FJSVjs4T0163S-09
Interstage Application Framework Suite Enterprise Edition 6.0.2Solaris 7, 8, 9FJSVjs4T0315S-03
Interstage Application Framework Suite Enterprise Edition 7.0.1Solaris 8, 9, 10FJSVjs4T020LS-11
Interstage Application Framework Suite Standard Edition 6.0Solaris 7, 8, 9FJSVjs4T0114S-07
Interstage Application Framework Suite Standard Edition 6.0.1Solaris 7, 8, 9FJSVjs4T0163S-09
Interstage Application Framework Suite Standard Edition 6.0.2Solaris 7, 8, 9FJSVjs4T0315S-03
Interstage Application Framework Suite Standard Edition 7.0Solaris 8, 9FJSVjs4T020LS-11
Interstage Application Framework Suite Standard Edition 7.0.2Solaris 8, 9, 10FJSVjs4T020LS-11
Interstage Application Framework Suite Web Edition 6.0Solaris 7, 8, 9FJSVjs4T0114S-07
Interstage Application Framework Suite Web Edition 6.0.1Solaris 7, 8, 9FJSVjs4T0163S-09
Interstage Application Framework Suite Web Edition 6.0.2Solaris 7, 8, 9FJSVjs4T0315S-03
Interstage Application Framework Suite Web Edition 7.0Solaris 8, 9FJSVjs4T020LS-11
Interstage Application Framework Suite Web Edition 7.0.2Solaris 8, 9, 10FJSVjs4T020LS-11
Interstage Application Framework Suite Enterprise Edition V6.0L10Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Framework Suite Enterprise Edition V6.0L10BWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Framework Suite Enterprise Edition V6.0L10CWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Framework Suite Standard Edition V6.0L10Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Framework Suite Standard Edition V6.0L10BWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Framework Suite Standard Edition V6.0L10CWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Framework Suite Standard Edition V7.0L10Windows Server 2003/ Windows 2000 ServerF3FMjs4TK00544
Interstage Application Framework Suite Standard Edition V7.0L11Windows Server 2003/ Windows 2000 ServerF3FMjs4TK00544
Interstage Application Framework Suite Web Edition V6.0L10Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Framework Suite Web Edition V6.0L10AWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Framework Suite Web Edition V6.0L10BWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Framework Suite Web Edition V6.0L10CWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Framework Suite Web Edition V7.0L10Windows Server 2003/ Windows 2000 ServerF3FMjs4TK00544
Interstage Application Framework Suite Web Edition V7.0L11Windows Server 2003/ Windows 2000 ServerF3FMjs4TK00544
Interstage Application Framework Suite Enterprise Edition V6.0L10RHEL-AS3(x86)/ ES3(x86)FJSVjs4T00274-09
Interstage Application Framework Suite Standard Edition V6.0L10RHEL-AS3(x86)/ ES3(x86)FJSVjs4T00274-09
Interstage Application Framework Suite Standard Edition V7.0L10RHEL-AS3(x86)/ ES3(x86)FJSVjs4T00836-09
Interstage Application Framework Suite Standard Edition V7.0L11RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVjs4T00836-09
Interstage Application Framework Suite Web Edition V6.0L10RHEL-AS2.1(x86)/ ES2.1(x86)FJSVjs4T00274-09
Interstage Application Framework Suite Web Edition V6.0L11RHEL-AS2.1(x86)/ ES2.1(x86)/ AS3(x86)/ ES3(x86)FJSVjs4T00274-09
Interstage Application Framework Suite Web Edition V7.0L10RHEL-AS3(x86)/ ES3(x86)FJSVjs4T00836-09
Interstage Application Framework Suite Web Edition V7.0L11RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVjs4T00836-09
Interstage Application Server
製品名対象OSパッケージ名Patch ID
Interstage Application Server Enterprise Edition 6.0Solaris 7, 8, 9FJSVjs4T0114S-07
Interstage Application Server Enterprise Edition 6.0.1Solaris 7, 8, 9FJSVjs4T0163S-09
Interstage Application Server Enterprise Edition 6.0.2Solaris 7, 8, 9FJSVjs4T0315S-03
Interstage Application Server Enterprise Edition 7.0Solaris 8, 9FJSVjs4T020LS-11
Interstage Application Server Enterprise Edition 7.0.1Solaris 8, 9, 10FJSVjs4T020LS-11
Interstage Application Server Enterprise Edition 8.0.0Solaris 9, 10FJSVjs4T000572SP-12
Interstage Application Server Enterprise Edition 8.0.0Solaris 9, 10FJSVjs4T000574SP-12(*1)
Interstage Application Server Enterprise Edition 8.0.3Solaris 9, 10FJSVjs4T000572SP-12
Interstage Application Server Enterprise Edition 8.0.3Solaris 9, 10FJSVjs4T000574SP-12(*1)
Interstage Application Server Enterprise Edition V9.0.0Solaris 9, 10FJSVjs5T001575SP-03
Interstage Application Server Enterprise Edition V9.0.0Solaris 9, 10FJSVjs4T001582SP-02
Interstage Application Server Enterprise Edition V9.1.0Solaris 9, 10FJSVjs5T003517SP-01
Interstage Application Server Enterprise Edition V9.1.0Solaris 9, 10FJSVjs4T003525SP-01
Interstage Application Server Enterprise Edition V9.1.0ASolaris 9, 10FJSVjs5T003517SP-01
Interstage Application Server Enterprise Edition V9.1.0ASolaris 9, 10FJSVjs4T003525SP-01
Interstage Application Server Enterprise Edition V9.1.0BSolaris 9, 10FJSVjs5T003517SP-01
Interstage Application Server Enterprise Edition V9.1.0BSolaris 9, 10FJSVjs4T003525SP-01
Interstage Application Server Standard Edition 6.0Solaris 7, 8, 9FJSVjs4T0114S-07
Interstage Application Server Standard Edition 6.0.1Solaris 7, 8, 9FJSVjs4T0163S-09
Interstage Application Server Standard Edition 6.0.2Solaris 7, 8, 9FJSVjs4T0315S-03
Interstage Application Server Standard Edition 7.0Solaris 8, 9FJSVjs4T020LS-11
Interstage Application Server Standard Edition 7.0.1Solaris 8, 9, 10FJSVjs4T020LS-11
Interstage Application Server Standard-J Edition 8.0.0Solaris 9, 10FJSVjs4T000573SP-12
Interstage Application Server Standard-J Edition 8.0.0Solaris 9, 10FJSVjs4T000574SP-12(*1)
Interstage Application Server Standard-J Edition 8.0.3Solaris 9, 10FJSVjs4T000573SP-12
Interstage Application Server Standard-J Edition 8.0.3Solaris 9, 10FJSVjs4T000574SP-12(*1)
Interstage Application Server Standard-J Edition V9.0.0Solaris 9, 10FJSVjs5T001575SP-03
Interstage Application Server Standard-J Edition V9.0.0Solaris 9, 10FJSVjs4T001582SP-02
Interstage Application Server Standard-J Edition V9.1.0Solaris 9, 10FJSVjs5T003517SP-01
Interstage Application Server Standard-J Edition V9.1.0Solaris 9, 10FJSVjs4T003525SP-01
Interstage Application Server Standard-J Edition V9.1.0ASolaris 9, 10FJSVjs5T003517SP-01
Interstage Application Server Standard-J Edition V9.1.0ASolaris 9, 10FJSVjs4T003525SP-01
Interstage Application Server Standard-J Edition V9.1.0BSolaris 9, 10FJSVjs5T003517SP-01
Interstage Application Server Standard-J Edition V9.1.0BSolaris 9, 10FJSVjs4T003525SP-01
Interstage Application Server Plus 6.0Solaris 7, 8, 9FJSVjs4T0114S-07
Interstage Application Server Plus 6.0.1Solaris 7, 8, 9FJSVjs4T0163S-09
Interstage Application Server Plus 6.0.2Solaris 7, 8, 9FJSVjs4T0315S-03
Interstage Application Server Plus 7.0Solaris 8, 9FJSVjs4T020LS-11
Interstage Application Server Plus 7.0.1Solaris 8, 9, 10FJSVjs4T020LS-11
Interstage Application Server Web-J Edition 6.0Solaris 7, 8, 9FJSVjs4T0114S-07
Interstage Application Server Web-J Edition 6.0.1Solaris 7, 8, 9FJSVjs4T0163S-09
Interstage Application Server Web-J Edition 6.0.2Solaris 7, 8, 9FJSVjs4T0315S-03
Interstage Application Server Web-J Edition 7.0Solaris 8, 9FJSVjs4T020LS-11
Interstage Application Server Web-J Edition 7.0.1Solaris 8, 9, 10FJSVjs4T020LS-11
Interstage Application Server Web-J Edition 8.0.0Solaris 9, 10FJSVjs4T000574SP-12
Interstage Application Server Web-J Edition 8.0.3Solaris 9, 10FJSVjs4T000574SP-12
Interstage Application Server Enterprise Edition V6.0L10Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Server Enterprise Edition V6.0L10BWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Server Enterprise Edition V6.0L10CWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Server Enterprise Edition V7.0L10Windows Server 2003/ Windows 2000 ServerF3FMjs4TK00544
Interstage Application Server Enterprise Edition V7.0L11Windows Server 2003/ Windows 2000 ServerF3FMjs4TK00544
Interstage Application Server Enterprise Edition 8.0.0Windows Server 2003/ Windows 2000 ServerF3FMjs4T000685WP-06
Interstage Application Server Enterprise Edition 8.0.0Windows Server 2003/ Windows 2000 ServerF3FMjs4T000687WP-06(*1)
Interstage Application Server Enterprise Edition 8.0.1Windows Server 2003/ Windows 2000 ServerF3FMjs4T000685WP-06
Interstage Application Server Enterprise Edition 8.0.1Windows Server 2003/ Windows 2000 ServerF3FMjs4T000687WP-06(*1)
Interstage Application Server Enterprise Edition 8.0.3Windows Server 2003/ Windows 2000 ServerF3FMjs4T000685WP-06
Interstage Application Server Enterprise Edition 8.0.3Windows Server 2003/ Windows 2000 ServerF3FMjs4T000687WP-06(*1)
Interstage Application Server Enterprise Edition V9.0.0Windows Server 2003/ Windows 2000 ServerF3FMjs5T001574WP-03
Interstage Application Server Enterprise Edition V9.0.0Windows Server 2003/ Windows 2000 ServerF3FMjs4T001581WP-01
Interstage Application Server Enterprise Edition V9.1.0Windows Server 2008/ Windows Server 2003/ Windows 2000 ServerF3FMjs5T003389WP-02
Interstage Application Server Enterprise Edition V9.1.0Windows Server 2008/ Windows Server 2003/ Windows 2000 ServerF3FMjs4T003524WP-01
Interstage Application Server Enterprise Edition V9.1.0BWindows Server 2008/ Windows Server 2003/ Windows 2000 ServerF3FMjs5T003389WP-02
Interstage Application Server Enterprise Edition V9.1.0BWindows Server 2008/ Windows Server 2003/ Windows 2000 ServerF3FMjs4T003524WP-01
Interstage Application Server Standard Edition V6.0L10Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Server Standard Edition V6.0L10BWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Server Standard Edition V6.0L10CWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Server Standard Edition V7.0L10Windows Server 2003/ Windows 2000 ServerF3FMjs4TK00544
Interstage Application Server Standard Edition V7.0L11Windows Server 2003/ Windows 2000 ServerF3FMjs4TK00544
Interstage Application Server Standard-J Edition 8.0.0Windows Server 2003/ Windows 2000 ServerF3FMjs4T000686WP-06
Interstage Application Server Standard-J Edition 8.0.0Windows Server 2003/ Windows 2000 ServerF3FMjs4T000687WP-06(*1)
Interstage Application Server Standard-J Edition 8.0.1Windows Server 2003/ Windows 2000 ServerF3FMjs4T000686WP-06
Interstage Application Server Standard-J Edition 8.0.1Windows Server 2003/ Windows 2000 ServerF3FMjs4T000687WP-06(*1)
Interstage Application Server Standard-J Edition 8.0.3Windows Server 2003/ Windows 2000 ServerF3FMjs4T000686WP-06
Interstage Application Server Standard-J Edition 8.0.3Windows Server 2003/ Windows 2000 ServerF3FMjs4T000687WP-06(*1)
Interstage Application Server Standard-J Edition V9.0.0Windows Server 2003/ Windows 2000 ServerF3FMjs5T001574WP-03
Interstage Application Server Standard-J Edition V9.0.0Windows Server 2003/ Windows 2000 ServerF3FMjs4T001581WP-01
Interstage Application Server Standard-J Edition V9.1.0Windows Server 2008/ Windows Server 2003/ Windows 2000 ServerF3FMjs5T003389WP-02
Interstage Application Server Standard-J Edition V9.1.0Windows Server 2008/ Windows Server 2003/ Windows 2000 ServerF3FMjs4T003524WP-01
Interstage Application Server Standard-J Edition V9.1.0BWindows Server 2008/ Windows Server 2003/ Windows 2000 ServerF3FMjs5T003389WP-02
Interstage Application Server Standard-J Edition V9.1.0BWindows Server 2008/ Windows Server 2003/ Windows 2000 ServerF3FMjs4T003524WP-01
Interstage Application Server Plus V6.0L10Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Server Plus V6.0L10AWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Server Plus V6.0L10BWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Server Plus V6.0L10CWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Server Plus V7.0L10Windows Server 2003/ Windows 2000 ServerF3FMjs4TK00544
Interstage Application Server Plus V7.0L11Windows Server 2003/ Windows 2000 ServerF3FMjs4TK00544
Interstage Application Server Plus Developer V6.0L10Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0/ Windows XPF3FMjs4TK00543
Interstage Application Server Plus Developer V7.0L10Windows Server 2003/ Windows 2000 Server/ Windows XPF3FMjs4TK00544
Interstage Application Server Web-J Edition V6.0L10Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Server Web-J Edition V6.0L10AWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Server Web-J Edition V6.0L10BWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Server Web-J Edition V6.0L10CWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0F3FMjs4TK00543
Interstage Application Server Web-J Edition V7.0L10Windows Server 2003/ Windows 2000 ServerF3FMjs4TK00544
Interstage Application Server Web-J Edition V7.0L10AWindows Server 2003/ Windows 2000 ServerF3FMjs4TK00544
Interstage Application Server Web-J Edition V7.0L11Windows Server 2003/ Windows 2000 ServerF3FMjs4TK00544
Interstage Application Server Web-J Edition 8.0.0Windows Server 2003/ Windows 2000 ServerF3FMjs4T000687WP-06
Interstage Application Server Web-J Edition 8.0.1Windows Server 2003/ Windows 2000 ServerF3FMjs4T000687WP-06
Interstage Application Server Web-J Edition 8.0.3Windows Server 2003/ Windows 2000 ServerF3FMjs4T000687WP-06
Interstage Application Server Enterprise Edition 8.0.0Windows Server 2003(IPF)F3FMjs4後日提供
Interstage Application Server Enterprise Edition 8.0.3Windows Server 2003(IPF)F3FMjs4後日提供
Interstage Application Server Enterprise Edition V9.0.0Windows Server 2003(IPF)F3FMjs5T001580IP-02
Interstage Application Server Enterprise Edition V9.0.0Windows Server 2003(IPF)F3FMjs4T001585IP-01
Interstage Application Server Enterprise Edition V9.1.0Windows Server 2008(IPF)/ Windows Server 2003(IPF)F3FMjs5T003523IP-01
Interstage Application Server Enterprise Edition V9.1.0Windows Server 2008(IPF)/ Windows Server 2003(IPF)F3FMjs4T003528IP-01
Interstage Application Server Standard-J Edition V9.0.0Windows Server 2003(IPF)F3FMjs5T001580IP-02
Interstage Application Server Standard-J Edition V9.0.0Windows Server 2003(IPF)F3FMjs4T001585IP-01
Interstage Application Server Standard-J Edition V9.1.0Windows Server 2008(IPF)/ Windows Server 2003(IPF)F3FMjs5T003523IP-01
Interstage Application Server Standard-J Edition V9.1.0Windows Server 2008(IPF)/ Windows Server 2003(IPF)F3FMjs4T003528IP-01
Interstage Application Server Enterprise Edition V6.0L10RHEL-AS3(x86)/ ES3(x86)FJSVjs4T00274-09
Interstage Application Server Enterprise Edition V7.0L10RHEL-AS3(x86)/ ES3(x86)FJSVjs4T00836-09
Interstage Application Server Enterprise Edition V7.0L11RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVjs4T00836-09
Interstage Application Server Enterprise Edition 8.0.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T000682LP-08
Interstage Application Server Enterprise Edition 8.0.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T000684LP-08(*1)
Interstage Application Server Enterprise Edition 8.0.3RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T000682LP-08
Interstage Application Server Enterprise Edition 8.0.3RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T000684LP-08(*1)
Interstage Application Server Enterprise Edition V9.0.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs5T001576LP-03
Interstage Application Server Enterprise Edition V9.0.0RHEL5(x86)/ RHEL5(Intel64)FJSVjs5T001577LP-03
Interstage Application Server Enterprise Edition V9.0.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T001583LP-01
Interstage Application Server Enterprise Edition V9.0.1RHEL-AS4(x86)/ AS4(EM64T)FJSVjs5T001284LP-03
Interstage Application Server Enterprise Edition V9.0.1RHEL5(x86)/ RHEL5(Intel64)FJSVjs5T001285LP-03
Interstage Application Server Enterprise Edition V9.0.1RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T001586LP-01
Interstage Application Server Enterprise Edition V9.0.1BRHEL5(x86)/ RHEL5(Intel64)FJSVjs5T001285LP-03
Interstage Application Server Enterprise Edition V9.1.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs5T003518LP-01
Interstage Application Server Enterprise Edition V9.1.0RHEL5(x86)/ RHEL5(Intel64)FJSVjs5T003520LP-01
Interstage Application Server Enterprise Edition V9.1.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T003526LP-01
Interstage Application Server Enterprise Edition V9.1.0BRHEL-AS4(x86)/ AS4(EM64T)FJSVjs5T003518LP-01
Interstage Application Server Enterprise Edition V9.1.0BRHEL5(x86)/ RHEL5(Intel64)FJSVjs5T003520LP-01
Interstage Application Server Enterprise Edition V9.1.0BRHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T003526LP-01
Interstage Application Server Standard Edition V6.0L10RHEL-AS3(x86)/ ES3(x86)FJSVjs4T00274-09
Interstage Application Server Standard Edition V7.0L10RHEL-AS3(x86)/ ES3(x86)FJSVjs4T00836-09
Interstage Application Server Standard Edition V7.0L11RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVjs4T00836-09
Interstage Application Server Standard-J Edition 8.0.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T000683LP-08
Interstage Application Server Standard-J Edition 8.0.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T000684LP-08(*1)
Interstage Application Server Standard-J Edition 8.0.3RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T000683LP-08
Interstage Application Server Standard-J Edition 8.0.3RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T000684LP-08(*1)
Interstage Application Server Standard-J Edition V9.0.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs5T001576LP-03
Interstage Application Server Standard-J Edition V9.0.0RHEL5(x86)/ RHEL5(Intel64)FJSVjs5T001577LP-03
Interstage Application Server Standard-J Edition V9.0.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T001583LP-01
Interstage Application Server Standard-J Edition V9.0.1RHEL-AS4(x86)/ AS4(EM64T)FJSVjs5T001284LP-03
Interstage Application Server Standard-J Edition V9.0.1RHEL5(x86)/ RHEL5(Intel64)FJSVjs5T001285LP-03
Interstage Application Server Standard-J Edition V9.0.1RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T001586LP-01
Interstage Application Server Standard-J Edition V9.0.1BRHEL5(x86)/ RHEL5(Intel64)FJSVjs5T001285LP-03
Interstage Application Server Standard-J Edition V9.1.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs5T003518LP-01
Interstage Application Server Standard-J Edition V9.1.0RHEL5(x86)/ RHEL5(Intel64)FJSVjs5T003520LP-01
Interstage Application Server Standard-J Edition V9.1.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T003526LP-01
Interstage Application Server Standard-J Edition V9.1.0BRHEL-AS4(x86)/ AS4(EM64T)FJSVjs5T003518LP-01
Interstage Application Server Standard-J Edition V9.1.0BRHEL5(x86)/ RHEL5(Intel64)FJSVjs5T003520LP-01
Interstage Application Server Standard-J Edition V9.1.0BRHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T003526LP-01
Interstage Application Server Plus V6.0L10RHEL-AS2.1(x86)/ ES2.1(x86)FJSVjs4T00274-09
Interstage Application Server Plus V6.0L11RHEL-AS2.1(x86)/ ES2.1(x86)/ AS3(x86)/ ES3(x86)FJSVjs4T00274-09
Interstage Application Server Plus V7.0L10RHEL-AS3(x86)/ ES3(x86)FJSVjs4T00836-09
Interstage Application Server Plus V7.0L11RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVjs4T00836-09
Interstage Application Server Web-J Edition V6.0L10RHEL-AS2.1(x86)/ ES2.1(x86)FJSVjs4T00274-09
Interstage Application Server Web-J Edition V6.0L11RHEL-AS2.1(x86)/ ES2.1(x86)/ AS3(x86)/ ES3(x86)FJSVjs4T00274-09
Interstage Application Server Web-J Edition V7.0L10RHEL-AS3(x86)/ ES3(x86)FJSVjs4T00836-09
Interstage Application Server Web-J Edition V7.0L11RHEL-AS3(x86)/ ES3(x86)/ AS4(x86)FJSVjs4T00836-09
Interstage Application Server Web-J Edition 8.0.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T000684LP-08
Interstage Application Server Web-J Edition 8.0.3RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T000684LP-08
Interstage Application Server Enterprise Edition V7.0L10RHEL-AS4(IPF)FJSVjs4T001343QP-03
Interstage Application Server Enterprise Edition 8.0.0RHEL-AS4(IPF)FJSVjs4T000109QP-07
Interstage Application Server Enterprise Edition 8.0.1RHEL-AS4(IPF)FJSVjs4T000681QP-05
Interstage Application Server Enterprise Edition 8.0.3RHEL-AS4(IPF)FJSVjs4T000681QP-05
Interstage Application Server Enterprise Edition V9.0.0RHEL-AS4(IPF)FJSVjs5T001578QP-02
Interstage Application Server Enterprise Edition V9.0.0RHEL5(IPF)FJSVjs5T001579QP-02
Interstage Application Server Enterprise Edition V9.0.0RHEL-AS4(IPF)FJSVjs4T001584QP-01
Interstage Application Server Enterprise Edition V9.1.0RHEL-AS4(IPF)FJSVjs5T003521QP-01
Interstage Application Server Enterprise Edition V9.1.0RHEL5(IPF)FJSVjs5T003522QP-01
Interstage Application Server Enterprise Edition V9.1.0RHEL-AS4(IPF)FJSVjs4T003527QP-01
Interstage Application Server Standard-J Edition V9.0.0RHEL-AS4(IPF)FJSVjs5T001578QP-02
Interstage Application Server Standard-J Edition V9.0.0RHEL5(IPF)FJSVjs5T001579QP-02
Interstage Application Server Standard-J Edition V9.0.0RHEL-AS4(IPF)FJSVjs4T001584QP-01
Interstage Application Server Standard-J Edition V9.1.0RHEL-AS4(IPF)FJSVjs5T003521QP-01
Interstage Application Server Standard-J Edition V9.1.0RHEL5(IPF)FJSVjs5T003522QP-01
Interstage Application Server Standard-J Edition V9.1.0RHEL-AS4(IPF)FJSVjs4T003527QP-01
Interstage Apworks/Studio
製品名対象OSパッケージ名Patch ID
Interstage Apworks Enterprise Edition V6.0L10Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0/ Windows XPF3FMjs4TK00543
Interstage Apworks Enterprise Edition V6.0L10AWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0/ Windows XPF3FMjs4TK00543
Interstage Apworks Enterprise Edition V6.0L10BWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0/ Windows XPF3FMjs4TK00543
Interstage Apworks Enterprise Edition V7.0L10Windows Server 2003/ Windows 2000 Server/ Windows XPF3FMjs4TK00544
Interstage Apworks Enterprise Edition 8.0.0Windows Server 2003/ Windows 2000 Server/ Windows XPF3FMjs4T000685WP-06
Interstage Apworks Enterprise Edition 8.1.0Windows Server 2003/ Windows 2000 Server/ Windows XPF3FMjs4T000685WP-06
Interstage Apworks Standard Edition V6.0L10Windows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0/ Windows XPF3FMjs4TK00543
Interstage Apworks Standard Edition V6.0L10AWindows Server 2003/ Windows 2000 Server/ Windows NT Server 4.0/ Windows XPF3FMjs4TK00543
Interstage Apworks Standard Edition V7.0L10Windows Server 2003/ Windows 2000 Server/ Windows XPF3FMjs4TK00544
Interstage Apworks Standard-J Edition 8.0.1Windows Server 2003/ Windows 2000 Server/ Windows XPF3FMjs4T000686WP-06
Interstage Apworks Modelers-J Edition V6.0L10Windows 2000 Server/ Windows XPF3FMjs4TK00543
Interstage Apworks Modelers-J Edition V6.0L10AWindows 2000 Server/ Windows XPF3FMjs4TK00543
Interstage Apworks Modelers-J Edition V7.0L10Windows Server 2003/ Windows 2000 Server/ Windows XPF3FMjs4TK00544
Interstage Studio Enterprise Edition V9.0.0Windows Server 2003/ Windows 2000 Server/ Windows XP/ Windows VistaF3FMjs5T001574WP-03
Interstage Studio Enterprise Edition V9.0.0AWindows Server 2003/ Windows 2000 Server/ Windows XP/ Windows VistaF3FMjs5T001574WP-03
Interstage Studio Enterprise Edition V9.0.1Windows Server 2003/ Windows 2000 Server/ Windows XP/ Windows VistaF3FMjs5T001574WP-03
Interstage Studio Enterprise Edition V9.1.0Windows Server 2008/ Windows Server 2003/ Windows 2000 Server/ Windows XP/ Windows VistaF3FMjs5T003389WP-02
Interstage Studio Enterprise Edition V9.1.0BWindows Server 2008/ Windows Server 2003/ Windows 2000 Server/ Windows XP/ Windows VistaF3FMjs5T003389WP-02
Interstage Studio Standard-J Edition V9.0.0Windows Server 2003/ Windows 2000 Server/ Windows XP/ Windows VistaF3FMjs5T001574WP-03
Interstage Studio Standard-J Edition V9.0.0AWindows Server 2003/ Windows 2000 Server/ Windows XP/ Windows VistaF3FMjs5T001574WP-03
Interstage Studio Standard-J Edition V9.0.1Windows Server 2003/ Windows 2000 Server/ Windows XP/ Windows VistaF3FMjs5T001574WP-03
Interstage Studio Standard-J Edition V9.1.0Windows Server 2008/ Windows Server 2003/ Windows 2000 Server/ Windows XP/ Windows VistaF3FMjs5T003389WP-02
Interstage Studio Standard-J Edition V9.1.0BWindows Server 2008/ Windows Server 2003/ Windows 2000 Server/ Windows XP/ Windows VistaF3FMjs5T003389WP-02
Interstage Studio with UML Modeling Tool V9.0.0Windows Server 2003/ Windows 2000 Server/ Windows XP/ Windows VistaF3FMjs5T001574WP-03
Interstage Studio with UML Modeling Tool V9.1.0Windows Server 2008/ Windows Server 2003/ Windows 2000 Server/ Windows XP/ Windows VistaF3FMjs5T003389WP-02
Interstage Studio with UML Modeling Tool V9.1.0BWindows Server 2008/ Windows Server 2003/ Windows 2000 Server/ Windows XP/ Windows VistaF3FMjs5T003389WP-02
Interstage Business Application Server
製品名対象OSパッケージ名Patch ID
Interstage Business Application Server Enterprise Edition 7.0Solaris 8, 9FJSVjs4T020LS-11
Interstage Business Application Server Enterprise Edition 7.0.1Solaris 8, 9FJSVjs4T020LS-11
Interstage Business Application Server Enterprise Edition 8.0.0Solaris 9, 10FJSVjs4T000572SP-12
Interstage Business Application Server Enterprise Edition 8.0.0Solaris 9, 10FJSVjs4T000574SP-12(*1)
Interstage Business Application Server Enterprise Edition 8.0.1Solaris 9, 10FJSVjs4T000572SP-12
Interstage Business Application Server Enterprise Edition 8.0.1Solaris 9, 10FJSVjs4T000574SP-12(*1)
Interstage Business Application Server Standard Edition 8.0.0Solaris 9, 10FJSVjs4T000572SP-12
Interstage Business Application Server Standard Edition 8.0.0Solaris 9, 10FJSVjs4T000574SP-12(*1)
Interstage Business Application Server Standard Edition 8.0.0Windows Server 2003/ Windows 2000 ServerF3FMjs4T000685WP-06
Interstage Business Application Server Standard Edition 8.0.0Windows Server 2003/ Windows 2000 ServerF3FMjs4T000687WP-06(*1)
Interstage Business Application Server Standard Edition 8.0.1Windows Server 2003/ Windows 2000 ServerF3FMjs4T000685WP-06
Interstage Business Application Server Standard Edition 8.0.1Windows Server 2003/ Windows 2000 ServerF3FMjs4T000687WP-06(*1)
Interstage Business Application Server Standard Edition 8.0.0RHEL-AS4(x86)FJSVjs4T000682LP-08
Interstage Business Application Server Standard Edition 8.0.0RHEL-AS4(x86)FJSVjs4T000684LP-08(*1)
Interstage Business Application Server Enterprise Edition 8.0.0RHEL-AS4(IPF)FJSVjs4T000109QP-07
Interstage Business Application Server Enterprise Edition 8.0.1RHEL-AS4(IPF)FJSVjs4T000681QP-05
Interstage Business Application Server Standard Edition 8.0.0RHEL-AS4(IPF)FJSVjs4T000109QP-07
Interstage Business Application Server Standard Edition 8.0.1RHEL-AS4(IPF)FJSVjs4T000109QP-07
Interstage Job Workload Server
製品名対象OSパッケージ名Patch ID
Interstage Job Workload Server 8.1.1Solaris 10FJSVjs4T000572SP-12
Interstage Job Workload Server 8.0.0RHEL-AS4(IPF)FJSVjs4T000109QP-07
Interstage Job Workload Server 8.0.1RHEL-AS4(IPF)FJSVjs4T000109QP-07
Interstage Job Workload Server 8.1.0RHEL-AS4(IPF)FJSVjs4T000109QP-07
Interstage Job Workload Server 8.1.1RHEL-AS4(IPF)FJSVjs4T000681QP-05
Interstage Web Server
製品名対象OSパッケージ名Patch ID
Interstage Web Server V9.0.0Solaris 9, 10FJSVjs5T001575SP-03
Interstage Web Server V9.0.0Solaris 9, 10FJSVjs4T001582SP-02
Interstage Web Server V9.1.0Solaris 9, 10FJSVjs5T003517SP-01
Interstage Web Server V9.1.0Solaris 9, 10FJSVjs4T003525SP-01
Interstage Web Server V9.1.0ASolaris 9, 10FJSVjs5T003517SP-01
Interstage Web Server V9.1.0ASolaris 9, 10FJSVjs4T003525SP-01
Interstage Web Server V9.0.0Windows Server 2003/ Windows 2000 ServerF3FMjs5T001574WP-03
Interstage Web Server V9.0.0Windows Server 2003/ Windows 2000 ServerF3FMjs4T001581WP-01
Interstage Web Server V9.1.0Windows Server 2008/ Windows Server 2003/ Windows 2000 ServerF3FMjs5T003389WP-02
Interstage Web Server V9.1.0Windows Server 2008/ Windows Server 2003/ Windows 2000 ServerF3FMjs4T003524WP-01
Interstage Web Server V9.0.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs5T001576LP-03
Interstage Web Server V9.0.0RHEL5(x86)/ RHEL5(Intel64)FJSVjs5T001577LP-03
Interstage Web Server V9.0.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T001583LP-01
Interstage Web Server V9.0.1RHEL-AS4(x86)/ AS4(EM64T)FJSVjs5T001284LP-03
Interstage Web Server V9.0.1RHEL5(x86)/ RHEL5(Intel64)FJSVjs5T001285LP-03
Interstage Web Server V9.0.1RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T001586LP-01
Interstage Web Server V9.1.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs5T003518LP-01
Interstage Web Server V9.1.0RHEL5(x86)/ RHEL5(Intel64)FJSVjs5T003520LP-01
Interstage Web Server V9.1.0RHEL-AS4(x86)/ AS4(EM64T)FJSVjs4T003526LP-01

Patch IDの表記のみ、あるいはIDの記載のない製品に関しては、当社サポートセンターにお問い合わせください。
(*1) Web Packageをご利用の場合に適用して頂くパッチです。

参考: 該当製品の確認方法

I. 製品バージョンレベルの確認方法
  • V6系の場合
    • Solaris版の場合
      FJSVisasパッケージのパッケージ情報を確認します。
        pkginfo -l FJSVisas
    • Windows版の場合
      [ソフトウェア説明書]の表題を確認します。
        [スタートボタン]
          →[プログラム]
            →[Interstage]
              →[Application Server | Application Framework Suite | Apworks]
                →[ソフトウェア説明書]
    • Linux版の場合
      FJSVisasパッケージのパッケージ情報を確認します。
        rpm -q FJSVisas
  • V7系以降の場合
    isprintvlコマンドで確認します。
      isprintvl

II. 該当Webアプリケーションの確認方法

本脆弱性の影響を受けるか否かは、Webアプリケーションの設定に依存します。
ご利用のWebアプリケーションが以下の条件を満たすかを確認してください。

条件1を満たさない場合は本脆弱性の影響を受けません。
条件1のみ、あるいは条件1, 2をともに満たす場合は、お手数ですが、回避方法について当社サポート窓口までお問い合わせください。

  • 条件1:
    • 1) Webアプリケーションが、以下のいずれかの Servlet API、または JSP アクションを呼び出している。かつ、
      • javax.servlet.ServletContext#getRequestDispatcher(path)で取得したオブジェクトの forward または include メソッド
      • javax.servlet.ServletRequest#getRequestDispatcher(path)で取得したオブジェクトの forward または include メソッド
      • JSP の <jsp:forward page="path"> アクション
      • JSP の <jsp:include page="path"> アクション
    • 2) 1) の引数 path が '?' で始まるクエリ文字列を含む。かつ、
    • 3) クライアントから送信されたデータを2)のクエリ文字列に含めている。
  • 条件2:
    Webアプリケーション内の特定のコンテンツに対してのみ、アクセス制限を行っている。
    以下1)~3)のいずれかまたは複数の場合が該当します。
    Webアプリケーション内の全てのコンテンツに対して等しくアクセス制限を設定している場合は該当しません。
    • 1) Webアプリケーションで、サーブレットの仕様に沿ってアクセス制限機能を使用している。
      Webアプリケーション環境定義ファイル(deployment descriptor: web.xml)に<security-constraint>タグが記載されている場合が該当します。

      【該当する例】<security-constraint>タグでHelloにのみアクセス制限

       <security-constraint>
        <web-resource-collection>
         <web-resource-name>Hello</web-resource-name>
         <url-pattern>/Hello.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
         <role-name>Administrator</role-name>
        </auth-constraint>
       </security-constraint>

      【該当しない例】<security-constraint>タグですべてのコンテンツにアクセス制限

       <security-constraint>
        <web-resource-collection>
         <web-resource-name>all</web-resource-name>
         <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
         <role-name>Administrator</role-name>
        </auth-constraint>
       </security-constraint>
    • 2) Webサーバで、ServletサービスのアプリケーションのURLに対するアクセス制御機能を使用している

      【該当する例】WebサーバがInterstage HTTP Serverの場合の環境定義ファイル(httpd.conf)
      (Hello.jspにだけアクセス制限)

       <Location /j2eesample/Hello.jsp>
        Order deny,allow
        Deny from all
       Allow from 192.168.1.1
       </Location>

      【該当しない例】すべてのコンテンツにアクセス制限

       <Location /j2eesample>
        Order deny,allow
        Deny from all
        Allow from 192.168.1.1
       </Location>
    • 3) その他、以下a)またはb)のようななんらかの方法で、Webアプリケーション内の特定のコンテンツに対してのみアクセス制限を行っている。
      • a) Webアプリケーション独自でアクセス制限機能を実装している
      • b) Webサーバ以外のネットワーク上の何らかのハードウェアまたはソフトウェアでアクセス制限を行っている

3-3. 回避方法

富士通では、本件に関する回避方法を、サポート窓口を通じて該当製品のお客様にご提供いたしますので、お手数ですが、当社サポート窓口までお問い合わせください。

4. 関連情報

本問題は、以下のApache Tomcatの脆弱性に該当します。

5. 改版履歴

  • 2010年10月27日 第2版: 「3. 該当システム・パッチ情報」にて、以下の内容を更新
    • 注記(*1)を追加
    • 一部製品のパッチを追加
    • 下記製品を追加
      • Interstage Application Server Enterprise Edition V9.0.1B
      • Interstage Application Server Enterprise Edition V9.1.0B
      • Interstage Application Server Standard-J Edition V9.1.0B
      • Interstage Studio Enterprise Edition V9.1.0B
      • Interstage Studio Standard-J Edition V9.1.0B
      • Interstage Studio with UML Modeling Tool V9.1.0B
    • 一部製品の対象OSを追加/ 削除
  • 2009年6月9日 新規掲載

ページの先頭へ