JVNDB-2009-001741

Hitachi Web Server Vulnerability in SSL Client Authentication

Hitachi Web Server contains a vulnerability in handling SSL client
certificates, which could allow an attacker to manipulate environment
variables and/or spoof the client to access Web servers.

Hitachi, Ltd

• Cosminexus Application Server Enterprise Version 6
• Cosminexus Application Server Standard Version 6
• Cosminexus Application Server Version 5
• Cosminexus Developer Light Version 6
• Cosminexus Developer Professional Version 6
• Cosminexus Developer Standard Version 6
• Cosminexus Developer Version 5
• Cosminexus Server - Standard Edition Version 4
• Cosminexus Server - Web Edition Version 4
• Hitachi Web Server
• Hitachi Web Server - Security Enhancement
• uCosminexus Application Server Enterprise
• uCosminexus Application Server Standard
• uCosminexus Developer Professional
• uCosminexus Developer Light
• uCosminexus Developer Standard
• uCosminexus Service Architect
• uCosminexus Service Platform

Please refer to HS09-010 provided by Hitachi for more details.

An attacker could manipulate environment variables and/or spoof the
client to access Web servers by sending a fraudulent client certificate.

Please refer to the 'Vendor Information' section for the official
countermeasure and take appropriate action.

Hitachi, Ltd

• Hitachi Software Vulnerability Information : HS09-010

1. No Mapping(CWE-noinfo) [IPA Evaluation]

1. CVE-2008-0555

1. National Vulnerability Database (NVD) : CVE-2008-0555

• [2009/07/14]
    Web page published
  [2011/06/10]
    Affected Products : Modified Hitachi, Ltd (HS09-010).
  [2014/05/21]
    References : Contents were added