[Japanese]

JVNDB-2016-008607

Vulnerability in Cosminexus HTTP Server and Hitachi Web Server

Overview

A vulnerability (CVE-2016-8743) exists in Cosminexus HTTP Server and Hitachi Web Server.
CVSS Severity (What is CVSS?)

CVSS V3 Severity:
Base Metrics 4.0 (Medium) [Vendor Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Changed
  • Confidentiality Impact: None
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 4.3 (Medium) [Vendor Score]
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: Partial
  • Availability Impact: None
Affected Products


Apache Software Foundation
  • Apache HTTP Server prior to 2.2.32
  • Apache HTTP Server prior to 2.4.25
Hitachi, Ltd
  • Cosminexus HTTP Server
  • Hitachi Application Server
  • Hitachi Application Server for Developers
  • Hitachi IT Operations Director
  • Hitachi Web Server
  • Hitachi Web Server - Custom Edition
  • Hitachi Web Server - Security Enhancement
  • Job Management Partner 1/Integrated Management - Service Support
  • Job Management Partner 1/Integrated Management - Service Support Advanced Edition
  • Job Management Partner 1/IT Desktop Management 2 - Manager
  • Job Management Partner 1/IT Desktop Management 2 - Smart Device Manager
  • Job Management Partner 1/IT Desktop Management - Manager
  • Job Management Partner 1/Performance Management - Web Console
  • JP1/Automatic Job Management System 3 - Manager [Web Console]
  • JP1/Automatic Operation
  • JP1/Integrated Management - Service Support
  • JP1/Integrated Management - Service Support Advanced Edition
  • JP1/Integrated Management - Service Support Starter Edition
  • JP1/IT Desktop Management 2 - Manager
  • JP1/IT Desktop Management 2 - Operations Director
  • JP1/IT Desktop Management 2 - Smart Device Manager
  • JP1/IT Desktop Management - Manager
  • JP1/Operations Analytics
  • JP1/Performance Management - Manager
  • JP1/Performance Management - Manager [Web Console]
  • JP1/Performance Management - Web Console
  • JP1/Service Support
  • JP1/Service Support Starter Edition
  • uCosminexus Application Server
  • uCosminexus Application Server (64)
  • uCosminexus Application Server Express
  • uCosminexus Application Server -R
  • uCosminexus Application Server Standard-R
  • uCosminexus Application Server Enterprise
  • uCosminexus Application Server Smart Edition
  • uCosminexus Application Server Standard
  • uCosminexus Developer
  • uCosminexus Developer 01
  • uCosminexus Developer Professional
  • uCosminexus Developer Professional for Plug-in
  • uCosminexus Developer Light
  • uCosminexus Developer Standard
  • uCosminexus Primary Server Base
  • uCosminexus Primary Server Base(64)
  • uCosminexus Service Architect
  • uCosminexus Service Platform
  • uCosminexus Service Platform - Messaging
  • uCosminexus Service Platform (64)

Please refer to the vendor information for more details.
Impact

An attacker may have unspecified impact.
Solution

Please refer to the 'Vendor Information' section for the official countermeasure and take appropriate action.
Vendor Information

Apache Software Foundation Hewlett Packard Enterprise Co. Hitachi, Ltd
CWE (What is CWE?)

  1. Data Handling(CWE-19) [NVD Evaluation]
CVE (What is CVE?)

  1. CVE-2016-8743
References

  1. National Vulnerability Database (NVD) : CVE-2016-8743
Revision History

  • [2017/06/30]
      Web page was published
    [2017/09/01]
      CVSS Severity was modified
      Affected Products : Product was added 
      Vendor Information : Contents were added
      References : Content was added
      CWE : CWE-ID was added
    [2018/02/01]
      Affected Products : Producs were added
      Vendor Information : Content was added