[Japanese]
|
JVNDB-2009-001741
|
Hitachi Web Server Vulnerability in SSL Client Authentication
|
Hitachi Web Server contains a vulnerability in handling SSL client
certificates, which could allow an attacker to manipulate environment
variables and/or spoof the client to access Web servers.
|
CVSS V2 Severity: Base Metrics 4.0 (Medium) [IPA Score]
- Access Vector: Network
- Access Complexity: High
- Authentication: None
- Confidentiality Impact: Partial
- Integrity Impact: Partial
- Availability Impact: None
|
|
Hitachi, Ltd
- Cosminexus Application Server Enterprise Version 6
- Cosminexus Application Server Standard Version 6
- Cosminexus Application Server Version 5
- Cosminexus Developer Light Version 6
- Cosminexus Developer Professional Version 6
- Cosminexus Developer Standard Version 6
- Cosminexus Developer Version 5
- Cosminexus Server - Standard Edition Version 4
- Cosminexus Server - Web Edition Version 4
- Hitachi Web Server
- Hitachi Web Server - Security Enhancement
- uCosminexus Application Server Enterprise
- uCosminexus Application Server Standard
- uCosminexus Developer Professional
- uCosminexus Developer Light
- uCosminexus Developer Standard
- uCosminexus Service Architect
- uCosminexus Service Platform
|
Please refer to HS09-010 provided by Hitachi for more details.
|
An attacker could manipulate environment variables and/or spoof the
client to access Web servers by sending a fraudulent client certificate.
|
Please refer to the 'Vendor Information' section for the official
countermeasure and take appropriate action.
|
Hitachi, Ltd
- Hitachi Software Vulnerability Information : HS09-010
|
- No Mapping(CWE-noinfo) [IPA Evaluation]
|
- CVE-2008-0555
|
- National Vulnerability Database (NVD) : CVE-2008-0555
|
- [2009/07/14]
Web page published
[2011/06/10]
Affected Products : Modified Hitachi, Ltd (HS09-010).
[2014/05/21]
References : Contents were added
|