JVNDB-2011-001633

Header Customization by Hitachi Web Server RequestHeader Directive Could Allow Attacker to Access Data Deleted from Memory

Overview

In Hitachi Web Server, when the header customization function is used through the RequestHeader directive (the RequestHeader directive is defined and the mod_headers module is loaded through the LoadModule directive), an attacker could gain access to data that has been deleted from memory.
If the header customization function of the RequestHeader directive is not used, the vulnerability does not apply.
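The following configuration check is an added example, not part of the advisory or of Hitachi's documentation. It reports whether a configuration meets the two preconditions named above (mod_headers loaded through LoadModule and at least one RequestHeader directive defined). It assumes Apache-style configuration syntax and that the module appears as `headers_module` or `mod_headers` in the LoadModule line; it does not follow included files and does not check the product version, for which HS11-007 is the reference.

```python
import re

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
# LoadModule headers_module libexec/mod_headers.so
LoadModule headers_module libexec/mod_headers.so
<VirtualHost *:80>
    requestheader set X-Forwarded-Proto \\
        "http"
</VirtualHost>
"""

def logical_lines(text):
    """Yield (first_line_no, text): continuations joined, comments and blanks dropped."""
    buf, start = "", 0
    for no, raw in enumerate(text.splitlines() + [""], 1):
        if not buf:
            start = no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        line = " ".join((buf + raw).split())
        buf = ""
        if line and not line.startswith("#"):
            yield start, line

def audit(text):
    """Check the two preconditions the advisory names; directive names are case-insensitive."""
    module_loaded, request_headers = False, []
    for no, line in logical_lines(text):
        directive, _, args = line.partition(" ")
        if directive.lower() == "loadmodule" and re.search(
                r"headers_module|mod_headers", args, re.I):  # assumed module naming
            module_loaded = True
        elif directive.lower() == "requestheader":
            request_headers.append((no, line))
    return {
        "module_loaded": module_loaded,
        "request_headers": request_headers,
        "in_scope": module_loaded and bool(request_headers),
    }

if __name__ == "__main__":
    result = audit(SAMPLE_CONF)
    print("mod_headers loaded:", result["module_loaded"])
    for no, line in result["request_headers"]:
        print(f"line {no}: {line}")
    print("header customization in use:", result["in_scope"])
```
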
CVSS Severity

CVSS V2 Severity:
Base Metrics 5.1 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
Affected Products


Hitachi, Ltd
  • Hitachi Web Server

Please refer to HS11-007 provided by Hitachi for more details.
Impact

An attacker may gain access to data that has been deleted from memory.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Hitachi, Ltd
  • Hitachi Software Vulnerability Information : HS11-007
CWE

  1. No Mapping(CWE-noinfo) [IPA Evaluation]
CVE

  1. CVE-2010-0434
References

  1. National Vulnerability Database (NVD) : CVE-2010-0434
Revision History

  • [2011/06/29]
      Web page published
  • [2014/05/21]
      CVE : CVE-ID was added
      References : Content was added