JVNDB-2009-000015

Cross-site scripting vulnerability in Access Analyzer CGI Standard Version (Ver. 3.x)

Overview

Access Analyzer CGI Standard Version (Ver. 3.x) from futomi's CGI Cafe contains a cross-site scripting vulnerability.

Access Analyzer CGI Standard Version, provided by futomi's CGI Cafe, is software for analyzing web access logs. Access Analyzer CGI Standard Version (Ver. 3.x) contains a cross-site scripting vulnerability.

This vulnerability was fixed in version 4.0.0 released on November 23, 2007. The most recent version (4.0.2) was released on December 12, 2008.

CVSS Severity

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None

Affected Products

futomi Co.,Ltd.
  • Access Analyzer CGI Standard Version Ver 3.8.1 and earlier

Impact

An arbitrary script may be executed on the user's web browser.

Solution

[Update the software]
Update to Ver. 4.x according to the information provided by the vendor.

Vendor Information

futomi Co.,Ltd.

CWE

  1. Cross-site Scripting (CWE-79) [IPA Evaluation]

CVE

  1. CVE-2009-0971

References

  1. JVN : JVN#23558374
  2. National Vulnerability Database (NVD) : CVE-2009-0971
  3. JVN iPedia (Japanese) : JVNDB-2009-000015

Revision History

  • [2009/03/16]
      Web page published