|
[Japanese]
|
JVNDB-2008-001513
|
Cross-Site Scripting Vulnerability in Hitachi Web Server Status Information Display Function
|
|
A cross-site scripting vulnerability has been found with the Status Information Display function of Hitachi Web Server.
|
|
CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Medium
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
|
|
Hitachi, Ltd
- Cosminexus Application Server Enterprise Version 6
- Cosminexus Application Server Standard Version 6
- Cosminexus Application Server Version 5
- Cosminexus Developer Light Version 6
- Cosminexus Developer Professional Version 6
- Cosminexus Developer Standard Version 6
- Cosminexus Developer Version 5
- Cosminexus Server - Enterprise Edition
- Cosminexus Server - Standard Edition
- Cosminexus Server - Standard Edition Version 4
- Cosminexus Server - Web Edition
- Cosminexus Server - Web Edition Version 4
- Hitachi Web Server
- uCosminexus Application Server Enterprise
- uCosminexus Application Server Standard
- uCosminexus Developer Professional
- uCosminexus Developer Light
- uCosminexus Developer Standard
- uCosminexus Service Architect
- uCosminexus Service Platform
|
Please refer to HS08-016 provided by Hitachi for more details.
|
|
An attacker could execute a cross-site scripting attack by sending a request that contains malicious scripts.
The vulnerability does not affect the products if the Status Information Display function is being disabled.
|
|
Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
|
|
Hitachi, Ltd
- Hitachi Software Vulnerability Information : HS08-016
|
|
- Cross-site Scripting(CWE-79) [IPA Evaluation]
|
|
- CVE-2007-6388
|
|
- National Vulnerability Database (NVD) : CVE-2007-6388
- JVN iPedia (Japanese) : JVNDB-2008-001513
|
|
- [2008/07/30]
Web page published
[2014/05/21]
Affected Products : Product was added
References : Contents were added
|
