[Japanese]

JVNDB-2007-000814

Multiple Cybozu products vulnerable to HTTP header injection

Overview

Multiple Cybozu products are vulnerable to HTTP header injection.

Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Cybozu, Inc.
  • Cybozu Office 6.6 (1.3) and earlier
  • Cybozu Garoon 1.5 (4.1)
  • Cybozu Garoon Workflow 1.0 (1.1) and earlier
  • Cybozu Garoon File Management Server 1.0 (0.7) and earlier
  • Cybozu Garoon Bulletin Board Server 1.0 (0.7) and earlier
  • Cybozu Garoon Facility Reservation Server 1.0 (0.7) and earlier

Impact

A remote attacker can conduct cache poisoning, send an arbitrary cookie, or execute an arbitrary script on the user's web browser.
Solution

[Update the Software]
For more information, refer to the vendor's website.
Vendor Information

Cybozu, Inc.
CWE (What is CWE?)

CVE (What is CVE?)

References

  1. JVN : JVN#77730435
Revision History

  • [2008/05/21]
      Web page published

Date Public2007/12/11
Date First Published2008/05/21
Date Last Updated2008/05/21