JVNDB-2007-000773

Hitachi Web Server Cross-Site Scripting Vulnerability with Server-Status Page

When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-satus page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines.

The vulnerability does not affect the product if the server-status reporting feature is disabled.

Hitachi, Ltd

• Cosminexus Application Server Enterprise Version 6
• Cosminexus Application Server Standard Version 6
• Cosminexus Application Server Version 5
• Cosminexus Developer Light Version 6
• Cosminexus Developer Professional Version 6
• Cosminexus Developer Standard Version 6
• Cosminexus Developer Version 5
• Cosminexus Server - Enterprise Edition
• Cosminexus Server - Standard Edition
• Cosminexus Server - Standard Edition Version 4
• Cosminexus Server - Web Edition
• Cosminexus Server - Web Edition Version 4
• Hitachi Web Server
• uCosminexus Application Server Enterprise
• uCosminexus Application Server Standard
• uCosminexus Developer Professional
• uCosminexus Developer Light
• uCosminexus Developer Standard
• uCosminexus Service Architect
• uCosminexus Service Platform

Please refer to HS07-035 provided by Hitachi for more details.

An attacker could execute malicious scripts.

Please refer to the 'Vendor Information' section for official remediation and take appropriate action.

Hitachi, Ltd

• Hitachi Software Vulnerability Information : HS07-035

1. Cross-site Scripting(CWE-79) [NVD Evaluation]

1. CVE-2007-5809
2. CVE-2006-5752

1. National Vulnerability Database (NVD) : CVE-2007-5809
2. National Vulnerability Database (NVD) : CVE-2006-5752
3. Secunia Advisory : SA27421
4. FrSIRT Advisories : FrSIRT/ADV-2007-3666

• [2008/05/21]
    Web page published
  [2014/05/21]
    References : Contents were added