[Japanese]

JVNDB-2009-001545

Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java Possible Unauthorized Access through Zip File Scanning Utility

Overview

Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java
have a vulnerability that allows unauthorized access through a zip file
scanning API.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 10.0 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete
Affected Products


Hitachi, Ltd
  • Cosminexus Application Server Enterprise Version 6
  • Cosminexus Application Server Standard Version 6
  • Cosminexus Application Server Version 5
  • Hitachi Developer's Kit for Java
  • Processing Kit for XML
  • uCosminexus Application Server Enterprise
  • uCosminexus Application Server Standard
  • Electronic Form Workflow Standard Set
  • Electronic Form Workflow Professional Library Set

Impact

Unauthorized access may be done when loading and scanning an external
zip file.
Solution

Please refer to the 'Vendor Information' section for the official
countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS09-008
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

References

Revision History

  • [2009/07/07]
      Web page published

Date Public2009/05/22
Date First Published2009/07/07
Date Last Updated2009/07/07