JVNDB-2006-000992
|
Multiple Vulnerabilities Concerning Hitachi Web Server
|
Hitachi Web Server has the vulnerabilities listed below:
1. A vulnerability that allows an attacker to roll back the OpenSSL version when SSL is used.
2. A cross-site scripting vulnerability in content generated automatically by the Hitachi Web Server.
3. A cross-site scripting vulnerability due to inadequate processing of the Expect header.
|
CVSS V2 Severity: Base Metrics 5.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: None
- Integrity Impact: Partial
- Availability Impact: None
|
Hitachi, Ltd.
- Cosminexus Application Server Enterprise Version 6
- Cosminexus Application Server Standard Version 6
- Cosminexus Application Server Version 5
- Cosminexus Developer Light Version 6
- Cosminexus Developer Professional Version 6
- Cosminexus Developer Standard Version 6
- Cosminexus Developer Version 5
- Cosminexus Server - Enterprise Edition
- Cosminexus Server - Standard Edition
- Cosminexus Server - Standard Edition Version 4
- Cosminexus Server - Web Edition
- Cosminexus Server - Web Edition Version 4
- Hitachi Web Server
- Hitachi Web Server - Custom Edition
- Hitachi Web Server - Security Enhancement
- Hitachi Web Server for VOS3
- uCosminexus Application Server Enterprise
- uCosminexus Application Server Smart Edition
- uCosminexus Application Server Standard
- uCosminexus Developer Professional
- uCosminexus Developer Light
- uCosminexus Developer Standard
- uCosminexus Service Architect
- uCosminexus Service Platform
|
Please refer to HS06-022 provided by Hitachi for more details.
|
1. When SSL is used, an attacker could possibly tamper with the protocol negotiation, forcing the use of SSL version 2.
2. and 3. An attacker could insert a malicious script.
|
Please refer to the 'Vendor Information' section for the official countermeasures and take appropriate action.
|
Hitachi, Ltd.
- Hitachi Software Vulnerability Information: HS06-022
|
- Cross-site Scripting (CWE-79) [IPA Evaluation]
- No Mapping (CWE-noinfo) [IPA Evaluation]
|
- CVE-2005-2969
- CVE-2005-3352
- CVE-2006-3918
- CVE-2007-0514
|
- National Vulnerability Database (NVD) : CVE-2005-2969
- National Vulnerability Database (NVD) : CVE-2005-3352
- National Vulnerability Database (NVD) : CVE-2006-3918
- National Vulnerability Database (NVD) : CVE-2007-0514
- JVN iPedia (Japanese) : JVNDB-2006-000992
|
- [2009/02/04] Web page published
- [2014/05/22] References: Contents were added