JVNDB-2007-000814

Multiple Cybozu products vulnerable to HTTP header injection

Overview

Multiple Cybozu products are vulnerable to HTTP header injection because they do not properly process HTTP headers.

CVSS Severity

Base Metrics: 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products


Cybozu, Inc.
  • Cybozu Office 6.6 (1.3) and earlier
  • Cybozu Garoon 1.5 (4.1)
  • Cybozu Garoon Workflow 1.0 (1.1) and earlier
  • Cybozu Garoon File Management Server 1.0 (0.7) and earlier
  • Cybozu Garoon Bulletin Board Server 1.0 (0.7) and earlier
  • Cybozu Garoon Facility Reservation Server 1.0 (0.7) and earlier

Impact

A remote attacker can conduct cache poisoning, send an arbitrary cookie, or execute an arbitrary script on the user's web browser.

Solution

[Update the Software]
For more information, refer to the vendor's website.

Vendor Information

Cybozu, Inc.

References

  1. JVN : JVN#77730435

Revision History

[2008/05/21]
  Web page published