JVNDB-2009-002475

Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java

Overview

Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java have a buffer overflow vulnerability when processing image files in Java applications.

CVSS Severity

CVSS V2 Severity:
Base Metrics 7.5 (High) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Low
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial

Affected Products

Hitachi, Ltd
  • Cosminexus Application Server Version 5
  • Cosminexus Application Server Standard Version 6
  • Cosminexus Application Server Enterprise Version 6
  • Cosminexus Client Version 6
  • Cosminexus Developer Version 5
  • Cosminexus Developer Standard Version 6
  • Cosminexus Developer Professional Version 6
  • Cosminexus Developer Light Version 6
  • Cosminexus Server - Web Edition Version 4
  • Cosminexus Server - Standard Edition Version 4
  • Cosminexus Studio Version 5
  • Cosminexus Studio - Web Edition Version 4
  • Cosminexus Studio - Standard Edition Version 4
  • Cosminexus/OpenTP1 Web Front-end Set
  • Groupmax Collaboration - Server
  • Hitachi Developer's Kit for Java
  • Processing Kit for XML
  • uCosminexus Application Server Enterprise
  • uCosminexus Application Server Standard
  • uCosminexus Client
  • uCosminexus Collaboration - Server
  • uCosminexus Developer Standard
  • uCosminexus Developer Professional
  • uCosminexus Developer Light
  • uCosminexus Navigation Developer
  • uCosminexus Navigation Platform
  • uCosminexus Navigation Platform - Authoring License
  • uCosminexus Navigation Platform - User License
  • uCosminexus Operator
  • uCosminexus Service Platform
  • uCosminexus Service Architect
  • uCosminexus/OpenTP1 Web Front-end Set
  • Electronic Form Workflow Set
  • Electronic Form Workflow Professional Set
  • Electronic Form Workflow Professional Library Set
  • Electronic Form Workflow Developer Set
  • Electronic Form Workflow Developer Client Set
  • Electronic Form Workflow Standard Set

Impact

An attacker can execute arbitrary code on the target system.

Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.

Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information: HS09-019

CWE

  1. Buffer Errors (CWE-119) [IPA Evaluation]

CVE

References

Revision History

  • [2010/02/09]
      Web page published