 Interstage HTTP Server mod_imap Cross-Site Scripting Vulnerability

Thursday, 17 January 2008

Cross-Site Scripting (XSS) problem in Interstage HTTP Server (CVE-2007-5000). January 17th, 2008


1. Description

A cross-site scripting vulnerability has been confirmed in the Interstage HTTP Server image map function. This problem falls under CVE-2007-5000.

For details on how to avoid the problem, please refer to section 3-3 below.

2. Impact

If this cross-site scripting vulnerability is exploited, any script may be executed in the user's Web browser.

3. Affected systems and corresponding action

3-1. Affected systems:

GP7000F, PRIMEPOWER, PRIMERGY, GP5000, CELSIUS, FMV series, AT-compatible machine, PRIMEQUEST, SPARC Enterprise

3-2. Affected products and required patch

Note: The values set in "Workaround" below depend on the product. The symbol in square brackets after each product name in the "Products" column identifies which configuration in step 3 of "Workaround" applies to that product.

Interstage Application Server

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Application Server Enterprise Edition V5.0 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Standard Edition V5.0 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Web-J Edition V5.0 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Plus V5.0.1 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Plus Developer V5.0.1 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Enterprise Edition V6.0 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Plus V6.0 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Plus Developer V6.0 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Enterprise Edition V7.0 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Plus V7.0 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Plus Developer V7.0 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Enterprise Edition V7.0.1 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Plus V7.0.1 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Enterprise Edition 8.0.0 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Standard-J Edition 8.0.0 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Enterprise Edition 8.0.1 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Standard-J Edition 8.0.1 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Enterprise Edition 8.0.2 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Standard-J Edition 8.0.2 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Enterprise Edition V9.0.0 for Windows [b] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Standard-J Edition V9.0.0 for Windows [b] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Enterprise Edition V9.0.0A for Windows [b] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Standard-J Edition V9.0.0A for Windows [b] | Windows | F3FMihs | Scheduled |
| Interstage Application Server Enterprise Edition 5.0 [c] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Standard Edition 5.0 [c] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Web-J Edition 5.0 [c] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition 5.0.1 [c] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition 6.0 [c] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition 7.0 [c] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Plus 7.0 [c] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition 7.0.1 [c] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Plus 7.0.1 [c] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition 8.0.0 [c] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Standard-J Edition 8.0.0 [c] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition 8.0.2 [c] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Standard-J Edition 8.0.2 [c] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition V9.0.0 [d] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Standard-J Edition V9.0.0 [d] | Solaris | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition V5.0 [c] | Turbolinux 7 Server | FJSVihs | Scheduled |
| Interstage Application Server Standard Edition V5.0 [c] | Turbolinux 7 Server | FJSVihs | Scheduled |
| Interstage Application Server Web-J Edition V5.0 [c] | Turbolinux 7 Server | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition V6.0 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition V7.0 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | Scheduled |
| Interstage Application Server Plus V7.0 [c] | RHEL-AS3(x86)/ ES3(x86) | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition V7.0.1 [c] | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | Scheduled |
| Interstage Application Server Plus V7.0.1 [c] | RHEL-AS3(x86)/ ES3(x86)/ AS4(x86) | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition 8.0.0 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | Scheduled |
| Interstage Application Server Standard-J Edition 8.0.0 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition 8.0.2 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | Scheduled |
| Interstage Application Server Standard-J Edition 8.0.2 [c] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition V9.0.0 [d] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition V9.0.0 [d] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | Scheduled |
| Interstage Application Server Standard-J Edition V9.0.0 [d] | RHEL-AS4(x86)/ AS4(EM64T) | FJSVihs | Scheduled |
| Interstage Application Server Standard-J Edition V9.0.0 [d] | RHEL5(x86)/ RHEL5(Intel64) | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition V7.0 [c] | RHEL-AS4(IPF) | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition 8.0.0 [c] | RHEL-AS4(IPF) | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition 8.0.1 [c] | RHEL-AS4(IPF) | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition 8.0.2 [c] | RHEL-AS4(IPF) | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition V9.0.0 [d] | RHEL-AS4(IPF) | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition V9.0.0 [d] | RHEL5(IPF) | FJSVihs | Scheduled |
| Interstage Application Server Standard-J Edition V9.0.0 [d] | RHEL-AS4(IPF) | FJSVihs | Scheduled |
| Interstage Application Server Standard-J Edition V9.0.0 [d] | RHEL5(IPF) | FJSVihs | Scheduled |
| Interstage Application Server Enterprise Edition 8.0.0 for Windows [a] | Windows(IPF) | F3FMihs | Scheduled |
| Interstage Application Server Enterprise Edition V9.0.0 for Windows [b] | Windows(IPF) | F3FMihs | Scheduled |

Interstage Apworks

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Apworks Modelers-J Edition V6.0 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Apworks Modelers-J Edition V6.0A for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Apworks Modelers-J Edition V7.0 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Apworks Enterprise Edition 8.0.0 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Apworks Standard-J Edition 8.0.0 for Windows [a] | Windows | F3FMihs | Scheduled |

Interstage Studio

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Studio Enterprise Edition 8.0.1 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Studio Standard-J Edition 8.0.1 for Windows [a] | Windows | F3FMihs | Scheduled |
| Interstage Studio Enterprise Edition V9.0.0 for Windows [b] | Windows | F3FMihs | Scheduled |
| Interstage Studio Standard-J Edition V9.0.0 for Windows [b] | Windows | F3FMihs | Scheduled |

Interstage Business Application Server

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Business Application Server Enterprise Edition 8.0.0 [c] | RHEL-AS4(IPF) | FJSVihs | Scheduled |

Interstage Job Workload Server

| Products | Target OS | Package name | Patch ID |
|---|---|---|---|
| Interstage Job Workload Server 8.1.0 [c] | RHEL-AS4(IPF) | FJSVihs | Scheduled |

3-3. Workaround

To avoid the problem, edit the environment definition file (httpd.conf) in one of the following ways. After the file is edited, Interstage HTTP Server must be restarted.

  1. If the AddHandler directive maps the imap-file handler to a file extension, either delete that AddHandler directive or add a hash sign (#) at the start of the line to comment it out. This disables the image map function.

    #AddHandler imap-file .map

  2. If step 1 cannot be applied, specify "none" in the ImapMenu directive. This disables the menu display of the image map function.

    ImapMenu none

  3. If steps 1 and 2 cannot be applied, add the following directives, which set the character encoding of the menu display page and reject requests that specify inappropriate characters for the map file.
    • Product [a]
      LoadModule rewrite_module modules/mod_rewrite.so

      AddModule mod_rewrite.c
      AddModule mod_imap.c

      AddHandler imap-file .map
      <FilesMatch .*\.map$>
        AddDefaultCharset Shift_JIS
        RewriteEngine On
        RewriteCond %{REQUEST_URI} .*\.map/.*
        RewriteRule .* - [F]
      </FilesMatch>
    • Product [b]
      LoadModule imap_module "C:/Interstage/F3FMihs/modules/mod_imap.so"
      LoadModule rewrite_module "C:/Interstage/F3FMihs/modules/mod_rewrite.so"

      AddHandler imap-file .map
      <FilesMatch .*\.map$>
        AddDefaultCharset Shift_JIS
        RewriteEngine On
        RewriteCond %{REQUEST_URI} .*\.map/.*
        RewriteRule .* - [F]
      </FilesMatch>
    • Product [c]
      LoadModule rewrite_module    libexec/mod_rewrite.so
      LoadModule imap_module       libexec/mod_imap.so

      AddModule mod_rewrite.c
      AddModule mod_imap.c

      AddHandler imap-file .map
      <FilesMatch .*\.map$>
        AddDefaultCharset Shift_JIS
        RewriteEngine On
        RewriteCond %{REQUEST_URI} .*\.map/.*
        RewriteRule .* - [F]
      </FilesMatch>
    • Product [d]
      LoadModule imap_module "/opt/FJSVihs/modules/mod_imap.so"
      LoadModule rewrite_module "/opt/FJSVihs/modules/mod_rewrite.so"

      AddHandler imap-file .map
      <FilesMatch .*\.map$>
        AddDefaultCharset Shift_JIS
        RewriteEngine On
        RewriteCond %{REQUEST_URI} .*\.map/.*
        RewriteRule .* - [F]
      </FilesMatch>

Note:

  • Modify the mod_imap.so and mod_rewrite.so paths to match the installation path.
  • Adjust the regular expressions in the <FilesMatch> and RewriteCond directives to match the file extension that is actually used for map files.
  • In the AddDefaultCharset directive, specify the character set that is actually used in the map file.
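
As an added example (not part of the Fujitsu advisory or of Interstage), the following Python sketch reports which of the three workarounds above an httpd.conf has in effect. The function names and return codes are hypothetical, and it assumes a flat parse of a single file that ignores Include files and per-directory scoping.

```python
import re

def _is_workaround3(block):
    """True if a <FilesMatch> body carries all four directives of workaround 3."""
    text = "\n".join(block)
    needed = [
        r"(?im)^AddDefaultCharset\s+(?!off\b)\S+",       # explicit charset
        r"(?im)^RewriteEngine\s+on\b",
        r"(?im)^RewriteCond\s+%\{REQUEST_URI\}\s+\S+",   # condition on the URI
        r"(?im)^RewriteRule\s+\S+\s+-\s+\[[^\]]*\bF\b",  # answer 403 Forbidden
    ]
    return all(re.search(p, text) for p in needed)

def audit_imap_workaround(conf_text):
    """Return 1, 2 or 3 for the workaround in effect, or 0 if none is.

    Assumption: flat parse of one file; Include files and per-directory
    scoping of ImapMenu are not followed.
    """
    # Keep only live directives; Apache directive names are case-insensitive.
    lines = [ln.strip() for ln in conf_text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith("#")]

    if not any(re.match(r"(?i)AddHandler\s+imap-file\s+\S", ln) for ln in lines):
        return 1  # no extension is mapped to the image map handler

    menus = [ln.split()[1].lower() for ln in lines
             if re.match(r"(?i)ImapMenu\s+\S", ln)]
    if menus and menus[-1] == "none":
        return 2  # handler is live but the generated menu page is off

    block, in_block = [], False
    for ln in lines:
        if re.match(r"(?i)<FilesMatch\b", ln):
            block, in_block = [], True
        elif re.match(r"(?i)</FilesMatch>", ln):
            if in_block and _is_workaround3(block):
                return 3
            in_block = False
        elif in_block:
            block.append(ln)
    return 0  # image maps enabled with no workaround applied

# Constructed sample: handler enabled, nothing else configured.
SAMPLE_EXPOSED = "LoadModule imap_module libexec/mod_imap.so\nAddHandler imap-file .map\n"

if __name__ == "__main__":
    print(audit_imap_workaround(SAMPLE_EXPOSED))
```

A result of 0 means the image map handler is active and none of the advisory's settings were found, so the host still needs one of the three workarounds or the vendor patch once it is released.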

4. Related information

CVE-2007-5000
Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in the Apache HTTP Server 1.3.0 through 1.3.39 and 2.0.35 through 2.0.61 and the (2) mod_imagemap module in the Apache HTTP Server 2.2.0 through 2.2.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000

5. Revision history

  • January 17th, 2008: Initial release

Original Advisory:
http://www.fujitsu.com/global/support/software/security/products-f/interstage-200801e.html


