[Japanese]

JVNDB-2011-001632

Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol

Overview

When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data.
CVSS Severity (What is CVSS?)

CVSS V2 Severity:
Base Metrics 4.3 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Hewlett-Packard Development Company,L.P
  • HP Virtual Connect 8Gb 24-Port FC Module prior to version 3.00 (VC 4.40)
Hewlett Packard Enterprise Co.
  • HPE Matrix Operating Environment
  • HPE Systems Insight Manager
Hitachi, Ltd
  • Hitachi Web Server
  • Hitachi Web Server - Security Enhancement

Please refer to the 'Vendor Information' section for more details.
Impact

A remote attacker could insert arbitrary data on the top of communication data.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Hewlett-Packard Development Company,L.P Hewlett Packard Enterprise Co. Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS11-006
CWE (What is CWE?)

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE (What is CVE?)

  1. CVE-2009-3555
References

  1. JVN iPedia : JVNDB-2009-002319 (in Japanese)
  2. National Vulnerability Database (NVD) : CVE-2009-3555
Revision History

  • [2011/06/29]
      Web page published
    [2014/05/21]
      CVE : CVE-ID was added
      References : Content was added
    [2015/06/26]
      Affected Products : Product was added
      Vendor Information : Content was added
      References : Content was added
    [2016/09/08]
      Affected Products : Product was added
      Vendor Information : Content was added