Header Customization by Hitachi Web Server RequestHeader Directive Could Allow Attacker to Access Data Deleted from Memory


When the header customization function of Hitachi Web Server is used, that is, when the RequestHeader directive is defined and the mod_headers module is being used through the LoadModule directive, an attacker could gain access to data that has been deleted from memory.
If the header customization function of the RequestHeader directive is not used, the vulnerability does not apply.
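
An added example, not from JVN or Hitachi: a Python check of whether a configuration file meets both conditions above (mod_headers loaded through LoadModule and at least one active RequestHeader directive). It assumes Apache-style syntax, the module identifier `headers_module` and file name `mod_headers`, and a constructed sample configuration; files pulled in through Include are not followed.

```python
# Added example: audit of a constructed httpd.conf sample (not vendor code).
SAMPLE_CONF = """\
# constructed sample configuration
LoadModule headers_module libexec/mod_headers.so
<VirtualHost *:80>
    # RequestHeader unset X-Old
    requestheader set X-Forwarded-Proto \\
        "http"
</VirtualHost>
"""

def logical_lines(conf_text):
    """Yield (first_line_no, text): continuations joined, comments and blanks skipped."""
    buf, start = "", None
    for no, raw in enumerate(conf_text.splitlines(), 1):
        if start is None:
            start = no
        if raw.endswith("\\"):          # backslash continues onto the next line
            buf += raw[:-1] + " "
            continue
        line = (buf + raw).strip()
        buf, first, start = "", start, None
        if line and not line.startswith("#"):
            yield first, line

def audit(conf_text):
    """Report whether both conditions named in the advisory are present."""
    loaded, request_headers = False, []
    for no, line in logical_lines(conf_text):
        parts = line.split()
        directive = parts[0].lower()    # directive names are case-insensitive
        if directive == "loadmodule" and len(parts) >= 3:
            # Assumed identifiers: Apache's headers_module / mod_headers file name.
            if parts[1].lower() == "headers_module" or "mod_headers" in parts[2].lower():
                loaded = True
        elif directive == "requestheader":
            request_headers.append((no, line))
    return {
        "mod_headers_loaded": loaded,
        "request_header_lines": request_headers,
        "condition_met": loaded and bool(request_headers),
    }

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    result = audit(text)
    for no, line in result["request_header_lines"]:
        print(f"line {no}: {line}")
    print("advisory condition met:", result["condition_met"])
```

A result of `condition_met: False` only means this one file does not combine both directives; the vendor's HS11-007 remains the reference for affected versions.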
CVSS Severity

CVSS V2 Severity:
Base Metrics 5.1 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products

Hitachi, Ltd
  • Hitachi Web Server

Please refer to HS11-007 provided by Hitachi for more details.

An attacker may gain access to data that has been deleted from memory.

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS11-007
CWE

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE

  1. CVE-2010-0434

  1. National Vulnerability Database (NVD) : CVE-2010-0434
Revision History

  • [2011/06/29]
      Web page published
      CVE : CVE-ID was added
      References : Content was added