[Japanese]
|
JVNDB-2007-000772
|
Hitachi Web Server SSL Client Authentication Vulnerability
|
Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent.
The vulnerability does not affect the product if the SSL authenticaton client feature is disabled.
|
CVSS V2 Severity: Base Metrics 5.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: Low
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: None
- Availability Impact: None
|
|
Hitachi, Ltd
- Cosminexus Application Server Enterprise Version 6
- Cosminexus Application Server Standard Version 6
- Cosminexus Application Server Version 5
- Cosminexus Developer Light Version 6
- Cosminexus Developer Professional Version 6
- Cosminexus Developer Standard Version 6
- Cosminexus Developer Version 5
- Cosminexus Server - Enterprise Edition
- Cosminexus Server - Standard Edition
- Cosminexus Server - Standard Edition Version 4
- Cosminexus Server - Web Edition
- Cosminexus Server - Web Edition Version 4
- Hitachi Web Server
- uCosminexus Application Server Enterprise
- uCosminexus Application Server Standard
- uCosminexus Developer Professional
- uCosminexus Developer Light
- uCosminexus Developer Standard
- uCosminexus Service Architect
- uCosminexus Service Platform
|
Please refer to HS07-034 provided by Hitachi for more details.
|
An attacker could gain access with a fraudulent certificate.
|
Please refer to the 'Vendor Information' section for official remediation and take appropriate action.
|
Hitachi, Ltd
- Hitachi Software Vulnerability Information : HS07-034
|
- Improper Input Validation(CWE-20) [NVD Evaluation]
|
- CVE-2007-5810
- CVE-2006-4339
|
- National Vulnerability Database (NVD) : CVE-2007-5810
- National Vulnerability Database (NVD) : CVE-2006-4339
- Secunia Advisory : SA27421
- ISS X-Force Database : 28755
- FrSIRT Advisories : FrSIRT/ADV-2007-3666
|
- [2008/05/21]
Web page published
[2014/05/23]
References : Contents were added
|