[Japanese]

JVNDB-2007-000712

Cosminexus Agent Process Crash Vulnerability

Overview

Cosminexus Agent process may crash when Cosminexus Agent receives specially crafted data from a process other than Cosminexus Manager. The crash doesn't affect the running applications launched by Cosminexux Agent.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 5.0 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
Affected Products


Hitachi, Ltd
  • Cosminexus Agent
  • Cosminexus Library Web Edition
  • Cosminexus Library Standard Edition

Impact

An attacker could crash Cosminexus Agent process.
Solution

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS07-033
CWE (What is CWE?)

  1. No Mapping(CWE-DesignError) [NVD Evaluation]
  2. Improper Input Validation(CWE-20) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2007-5282
References

  1. National Vulnerability Database (NVD) : CVE-2007-5282
  2. Secunia Advisory : SA27074
  3. SecurityFocus : 25937
  4. ISS X-Force Database : 36966
  5. FrSIRT Advisories : FrSIRT/ADV-2007-3377
Revision History

  • [2008/05/21]
      Web page published

Date Public2007/09/07
Date First Published2008/05/21
Date Last Updated2008/05/21