Published: 2010/05/17  Last Updated: 2010/05/17

JVN#90248889
Interstage Application Server vulnerable in request processing

Overview

The Servlet service provided by the Interstage Application Server from Fujitsu Limited contains a vulnerability where certain requests are not processed properly.

Products Affected

  • Interstage Application Framework Suite
  • Interstage Application Server
  • Interstage Business Application Server
  • Interstage List Manager
For information about the affected editions and versions, refer to the information provided by the developer.

Description

The Servlet service provided by the Interstage Application Server from Fujitsu Limited contains a vulnerability where certain requests may be handled improperly, depending on the settings on the load balancing device.

Impact

Invalid requests may be processed or user information may be leaked.

According to the developer, the impact of this vulnerability depends on the implementation of the web application.

Solution

Update the Software
Update to the latest version according to the information provided by the developer.

Apply a Workaround
Until an update can be applied, the workaround below may reduce the impact of this vulnerability:

  • Adjust the settings on the load balancing device so that each server begins to receive sorted requests at intervals of at least 5 minutes.

Vendor Status

Vendor           Status      Last Update  Vendor Notes
FUJITSU LIMITED  Vulnerable  2010/05/17

Other Information

CVE CVE-2010-1942
JVN iPedia JVNDB-2010-000018
