JVNDB-2009-001544

Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java Possible Unauthorized Access through Vulnerability in Encoding Process

Overview

Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java contain a vulnerability in which UTF-8 output is not properly judged because of a deficiency in encoding processing, which may lead to unauthorized access.

CVSS Severity

CVSS V2 Severity:
Base Metrics 10.0 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


Hitachi, Ltd
  • Cosminexus Application Server Version 5
  • Cosminexus Application Server Standard Version 6
  • Cosminexus Application Server Enterprise Version 6
  • Cosminexus Client Version 6
  • Cosminexus Developer Version 5
  • Cosminexus Developer Standard Version 6
  • Cosminexus Developer Professional Version 6
  • Cosminexus Developer Light Version 6
  • Cosminexus Server - Web Edition Version 4
  • Cosminexus Server - Standard Edition Version 4
  • Cosminexus Studio Version 5
  • Cosminexus Studio - Web Edition Version 4
  • Cosminexus Studio - Standard Edition Version 4
  • Cosminexus/OpenTP1 Web Front-end Set
  • Groupmax Collaboration - Server
  • Hitachi Developer's Kit for Java
  • Processing Kit for XML
  • uCosminexus Application Server Enterprise
  • uCosminexus Application Server Standard
  • uCosminexus Client
  • uCosminexus Collaboration - Server
  • uCosminexus Developer Standard
  • uCosminexus Developer Professional
  • uCosminexus Developer Light
  • uCosminexus Operator
  • uCosminexus Service Platform
  • uCosminexus Service Architect
  • uCosminexus/OpenTP1 Web Front-end Set
  • Electronic Form Workflow Set
  • Electronic Form Workflow Professional Set
  • Electronic Form Workflow Professional Library Set
  • Electronic Form Workflow Developer Set
  • Electronic Form Workflow Developer Client Set
  • Electronic Form Workflow Standard Set

Impact

Unauthorized access may be gained by exploiting a deficiency in encoding processing.
Solution

Please refer to the 'Vendor Information' section for the official
countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information: HS09-007
CWE

  1. No Mapping (CWE-noinfo) [IPA Evaluation]
CVE

References

Revision History

  • [2009/07/07]
      Web page published