JVNDB-2007-000701

Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java Buffer Overflow Vulnerabilities

Overview

Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java may suffer from a buffer overflow when a Java application handles GIF images with the image-processing APIs.

CVSS Severity

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products

Hitachi, Ltd
  • Cosminexus Application Server Enterprise Version 6
  • Cosminexus Application Server Standard Version 6
  • Cosminexus Application Server Version 5
  • Cosminexus Client Version 6
  • Cosminexus Collaboration Server
  • Cosminexus Developer Standard Version 6
  • Cosminexus Developer Professional Version 6
  • Cosminexus Developer Light Version 6
  • Cosminexus Developer Version 5
  • Cosminexus Developer's Kit for Java(TM)
  • Cosminexus ERP Integrator
  • Cosminexus Server Web Edition Version 4
  • Cosminexus Server Standard Edition Version 4
  • Cosminexus Studio Version 5
  • Cosminexus Studio Web Edition Version 4
  • Cosminexus Studio Standard Edition Version 4
  • Cosminexus/OpenTP1 Web Front-end Set
  • Groupmax Collaboration Server
  • Hitachi Developer's Kit for Java
  • Processing Kit for XML
  • uCosminexus Application Server Enterprise
  • uCosminexus Application Server Standard
  • uCosminexus Client
  • uCosminexus Collaboration Server
  • uCosminexus Developer Standard
  • uCosminexus Developer Professional
  • uCosminexus Developer Light
  • uCosminexus ERP Integrator
  • uCosminexus Operator
  • uCosminexus Service Platform
  • uCosminexus Service Architect
  • uCosminexus/OpenTP1 Web Front-end Set
  • Electronic Form Workflow Standard Set
  • Electronic Form Workflow Professional Library Set
  • Electronic Form Workflow Developer Client Set

Impact

An attacker could execute arbitrary code.

Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.

Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS07-018

CWE

CVE

  1. CVE-2007-3794

References

  1. JVN : JVNTA07-022A
  2. JVN Status Tracking Notes : TRTA07-022A
  3. National Vulnerability Database (NVD) : CVE-2007-3794
  4. US-CERT Cyber Security Alerts : SA07-022A
  5. US-CERT Technical Cyber Security Alert : TA07-022A
  6. Secunia Advisory : SA26025
  7. SecurityFocus : 24905
  8. ISS X-Force Database : 36022
  9. FrSIRT Advisories : FrSIRT/ADV-2007-2534

Revision History

  • [2008/05/21]
      Web page published