Search a vulnerability

jvndb-2009-001741

Vulnerability from jvndb

Published

2009-07-14 10:17

Modified

2014-05-21 18:16

Severity ?

() - -

Summary

Hitachi Web Server Vulnerability in SSL Client Authentication

Details

Hitachi Web Server contains a vulnerability in handling SSL client certificates, which could allow an attacker to manipulate environment variables and/or spoof the client to access Web servers.

References

▼	Type	URL
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0555
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0555
	No Mapping(CWE-noinfo)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Cosminexus Application Server Enterprise
	Hitachi, Ltd	Cosminexus Application Server Standard
	Hitachi, Ltd	Cosminexus Application Server Version 5
	Hitachi, Ltd	Cosminexus Developer Light Version 6
	Hitachi, Ltd	Cosminexus Developer Professional Version 6
	Hitachi, Ltd	Cosminexus Developer Standard Version 6
	Hitachi, Ltd	Cosminexus Developer Version 5
	Hitachi, Ltd	Cosminexus Server - Standard Edition Version 4
	Hitachi, Ltd	Cosminexus Server - Web Edition Version 4
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Light
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001741.html",
  "dc:date": "2014-05-21T18:16+09:00",
  "dcterms:issued": "2009-07-14T10:17+09:00",
  "dcterms:modified": "2014-05-21T18:16+09:00",
  "description": "Hitachi Web Server contains a vulnerability in handling SSL client\r\ncertificates, which could allow an attacker to manipulate environment\r\nvariables and/or spoof the client to access Web servers.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001741.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
      "@product": "Cosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
      "@product": "Cosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
      "@product": "Cosminexus Application Server Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
      "@product": "Cosminexus Developer Light Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
      "@product": "Cosminexus Developer Professional Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
      "@product": "Cosminexus Developer Standard Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
      "@product": "Cosminexus Developer Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
      "@product": "Cosminexus Server - Standard Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
      "@product": "Cosminexus Server - Web Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-001741",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0555",
      "@id": "CVE-2008-0555",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0555",
      "@id": "CVE-2008-0555",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-noinfo",
      "@title": "No Mapping(CWE-noinfo)"
    }
  ],
  "title": "Hitachi Web Server Vulnerability in SSL Client Authentication"
}

jvndb-2012-000079

Vulnerability from jvndb

Published

2012-08-30 13:57

Modified

2014-05-23 18:34

Severity ?

() - -

Summary

Adobe Reader fails to properly handle signatures

Details

Adobe Reader fails to properly handle RSA signatures. Adobe Reader contains an issue where it may fail to properly verify RSA signatures. Masahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

References

▼	Type	URL
	JVN	https://jvn.jp/en/jp/JVN51615542/index.html
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4339
	CERT-VN	http://www.kb.cert.org/vuls/id/845620
	Credentials Management(CWE-255)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Adobe Inc.	Adobe Reader
	Hitachi, Ltd	Cosminexus Application Server Enterprise
	Hitachi, Ltd	Cosminexus Application Server Standard
	Hitachi, Ltd	Cosminexus Application Server Version 5
	Hitachi, Ltd	Cosminexus Developer Light Version 6
	Hitachi, Ltd	Cosminexus Developer Professional Version 6
	Hitachi, Ltd	Cosminexus Developer Standard Version 6
	Hitachi, Ltd	Cosminexus Developer Version 5
	Hitachi, Ltd	Cosminexus Server - Enterprise Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition Version 4
	Hitachi, Ltd	Cosminexus Server - Web Edition
	Hitachi, Ltd	Cosminexus Server - Web Edition Version 4
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Light
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000079.html",
  "dc:date": "2014-05-23T18:34+09:00",
  "dcterms:issued": "2012-08-30T13:57+09:00",
  "dcterms:modified": "2014-05-23T18:34+09:00",
  "description": "Adobe Reader fails to properly handle RSA signatures.\r\n\r\nAdobe Reader contains an issue where it may fail to properly verify RSA signatures.\r\n\r\nMasahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000079.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:adobe:acrobat_reader",
      "@product": "Adobe Reader",
      "@vendor": "Adobe Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
      "@product": "Cosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
      "@product": "Cosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
      "@product": "Cosminexus Application Server Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
      "@product": "Cosminexus Developer Light Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
      "@product": "Cosminexus Developer Professional Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
      "@product": "Cosminexus Developer Standard Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
      "@product": "Cosminexus Developer Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
      "@product": "Cosminexus Server - Enterprise Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
      "@product": "Cosminexus Server - Standard Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
      "@product": "Cosminexus Server - Standard Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
      "@product": "Cosminexus Server - Web Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
      "@product": "Cosminexus Server - Web Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2012-000079",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN51615542/index.html",
      "@id": "JVN#51615542",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339",
      "@id": "CVE-2006-4339",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4339",
      "@id": "CVE-2006-4339",
      "@source": "NVD"
    },
    {
      "#text": "http://www.kb.cert.org/vuls/id/845620",
      "@id": "US-CERT Vulnerability Note VU#845620",
      "@source": "CERT-VN"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-255",
      "@title": "Credentials Management(CWE-255)"
    }
  ],
  "title": "Adobe Reader fails to properly handle signatures"
}

jvndb-2011-001632

Vulnerability from jvndb

Published

2011-06-29 17:55

Modified

2016-09-08 17:05

Severity ?

() - -

Summary

Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol

Details

When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data.

References

▼	Type	URL
	JVN iPedia	http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002319.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555
	No Mapping(CWE-noinfo)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Hitachi Web Server
	Hewlett Packard Enterprise Co.	HPE Matrix Operating Environment
	Hewlett Packard Enterprise Co.	HPE Systems Insight Manager
	Hewlett-Packard Development Company,L.P	HP Virtual Connect

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-001632.html",
  "dc:date": "2016-09-08T17:05+09:00",
  "dcterms:issued": "2011-06-29T17:55+09:00",
  "dcterms:modified": "2016-09-08T17:05+09:00",
  "description": "When using SSL on the Hitachi Web Server, it could allow an attacker to insert arbitrary data on the top of communication data.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-001632.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hp:matrix_operating_environment",
      "@product": "HPE Matrix Operating Environment",
      "@vendor": "Hewlett Packard Enterprise Co.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hp:systems_insight_manager",
      "@product": "HPE Systems Insight Manager",
      "@vendor": "Hewlett Packard Enterprise Co.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hp:virtual_connect",
      "@product": "HP Virtual Connect",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-001632",
  "sec:references": [
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-002319.html",
      "@id": "JVNDB-2009-002319",
      "@source": "JVN iPedia"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555",
      "@id": "CVE-2009-3555",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3555",
      "@id": "CVE-2009-3555",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-noinfo",
      "@title": "No Mapping(CWE-noinfo)"
    }
  ],
  "title": "Arbitrary Data Insertion Vulnerability in Hitachi Web Server SSL/TLS Protocol"
}

jvndb-2019-010374

Vulnerability from jvndb

Published

2019-10-18 14:18

Modified

2019-10-18 14:18

Summary

Vulnerability in Cosminexus HTTP Server and Hitachi Web Server

Details

A vulnerability (CVE-2019-10092) exists in Cosminexus HTTP Server and Hitachi Web Server.

References

▼	Type	URL

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Cosminexus HTTP Server
	Hitachi, Ltd	Hitachi Application Server
	Hitachi, Ltd	Hitachi Application Server for Developers
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Primary Server
	Hitachi, Ltd	uCosminexus Service

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-010374.html",
  "dc:date": "2019-10-18T14:18+09:00",
  "dcterms:issued": "2019-10-18T14:18+09:00",
  "dcterms:modified": "2019-10-18T14:18+09:00",
  "description": "A vulnerability (CVE-2019-10092) exists in Cosminexus HTTP Server and Hitachi Web Server.",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-010374.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_http_server",
      "@product": "Cosminexus HTTP Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_application_server",
      "@product": "Hitachi Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_application_server_for_developers",
      "@product": "Hitachi Application Server for Developers",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server",
      "@product": "uCosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_primary_server",
      "@product": "uCosminexus Primary Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service",
      "@product": "uCosminexus Service",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:identifier": "JVNDB-2019-010374",
  "sec:references": {
    "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
    "@id": "CWE-noinfo",
    "@title": "No Mapping(CWE-noinfo)"
  },
  "title": "Vulnerability in Cosminexus HTTP Server and Hitachi Web Server"
}

jvndb-2008-001513

Vulnerability from jvndb

Published

2008-07-30 13:45

Modified

2014-05-21 18:19

Severity ?

() - -

Summary

Cross-Site Scripting Vulnerability in Hitachi Web Server Status Information Display Function

Details

A cross-site scripting vulnerability has been found with the Status Information Display function of Hitachi Web Server.

References

▼	Type	URL
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6388
	JVNDB_Ja	http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001513.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Cosminexus Application Server Enterprise
	Hitachi, Ltd	Cosminexus Application Server Standard
	Hitachi, Ltd	Cosminexus Application Server Version 5
	Hitachi, Ltd	Cosminexus Developer Light Version 6
	Hitachi, Ltd	Cosminexus Developer Professional Version 6
	Hitachi, Ltd	Cosminexus Developer Standard Version 6
	Hitachi, Ltd	Cosminexus Developer Version 5
	Hitachi, Ltd	Cosminexus Server - Enterprise Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition Version 4
	Hitachi, Ltd	Cosminexus Server - Web Edition
	Hitachi, Ltd	Cosminexus Server - Web Edition Version 4
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Light
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001513.html",
  "dc:date": "2014-05-21T18:19+09:00",
  "dcterms:issued": "2008-07-30T13:45+09:00",
  "dcterms:modified": "2014-05-21T18:19+09:00",
  "description": "A cross-site scripting vulnerability has been found with the Status Information Display function of Hitachi Web Server.",
  "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001513.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
      "@product": "Cosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
      "@product": "Cosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
      "@product": "Cosminexus Application Server Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
      "@product": "Cosminexus Developer Light Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
      "@product": "Cosminexus Developer Professional Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
      "@product": "Cosminexus Developer Standard Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
      "@product": "Cosminexus Developer Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
      "@product": "Cosminexus Server - Enterprise Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
      "@product": "Cosminexus Server - Standard Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
      "@product": "Cosminexus Server - Standard Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
      "@product": "Cosminexus Server - Web Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
      "@product": "Cosminexus Server - Web Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2008-001513",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388",
      "@id": "CVE-2007-6388",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6388",
      "@id": "CVE-2007-6388",
      "@source": "NVD"
    },
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-001513.html",
      "@id": "JVNDB-2008-001513",
      "@source": "JVNDB_Ja"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cross-Site Scripting Vulnerability in Hitachi Web Server Status Information Display Function"
}

jvndb-2016-008607

Vulnerability from jvndb

Published

2017-06-30 15:55

Modified

2019-07-25 14:14

Severity ?

4.0 (Medium) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Summary

Vulnerability in Cosminexus HTTP Server and Hitachi Web Server

Details

A vulnerability (CVE-2016-8743) exists in Cosminexus HTTP Server and Hitachi Web Server.

References

▼	Type	URL
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-8743
	NVD	https://nvd.nist.gov/vuln/detail/CVE-2016-4975
	Data Handling(CWE-19)	https://cwe.mitre.org/data/definitions/19.html

Impacted products

▼	Vendor	Product
	Apache Software Foundation	Apache HTTP Server
	Hitachi, Ltd	Cosminexus HTTP Server
	Hitachi, Ltd	Hitachi Application Server
	Hitachi, Ltd	Hitachi Application Server for Developers
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	Hitachi IT Operations Director
	Hitachi, Ltd	Job Management Partner 1/IT Desktop Management
	Hitachi, Ltd	Job Management Partner 1/IT Desktop Management - Manager
	Hitachi, Ltd	Job Management Partner 1/Integrated Management
	Hitachi, Ltd	Job Management Partner 1/Performance Management - Web Console
	Hitachi, Ltd	JP1/Automatic Operation
	Hitachi, Ltd	JP1/IT Desktop Management - Manager
	Hitachi, Ltd	JP1/Performance Management
	Hitachi, Ltd	JP1/Automatic Job Management System 3
	Hitachi, Ltd	JP1/Integrated Management
	Hitachi, Ltd	JP1/IT Desktop Management
	Hitachi, Ltd	JP1/Operations Analytics
	Hitachi, Ltd	JP1/Service Support
	Hitachi, Ltd	uCosminexus Application Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Smart Edition
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Light
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Primary Server
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-008607.html",
  "dc:date": "2019-07-25T14:14+09:00",
  "dcterms:issued": "2017-06-30T15:55+09:00",
  "dcterms:modified": "2019-07-25T14:14+09:00",
  "description": "A vulnerability (CVE-2016-8743) exists in Cosminexus HTTP Server and Hitachi Web Server.",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-008607.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:http_server",
      "@product": "Apache HTTP Server",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_http_server",
      "@product": "Cosminexus HTTP Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_application_server",
      "@product": "Hitachi Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_application_server_for_developers",
      "@product": "Hitachi Application Server for Developers",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:it_operations_director",
      "@product": "Hitachi IT Operations Director",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management",
      "@product": "Job Management Partner 1/IT Desktop Management",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management-manager",
      "@product": "Job Management Partner 1/IT Desktop Management - Manager",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:job_management_partner_1_integrated_management",
      "@product": "Job Management Partner 1/Integrated Management",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:job_management_partner_1_performance_management_web_console",
      "@product": "Job Management Partner 1/Performance Management - Web Console",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1%2fautomatic_operation",
      "@product": "JP1/Automatic Operation",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1%2Fit_desktop_management-manager",
      "@product": "JP1/IT Desktop Management - Manager",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1%2fperformance_management",
      "@product": "JP1/Performance Management",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1_automatic_job_management_system_3",
      "@product": "JP1/Automatic Job Management System 3",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1_integrated_management",
      "@product": "JP1/Integrated Management",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1_it_desktop_management",
      "@product": "JP1/IT Desktop Management",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1_operation_analytics",
      "@product": "JP1/Operations Analytics",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:jp1_service_support",
      "@product": "JP1/Service Support",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server",
      "@product": "uCosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
      "@product": "uCosminexus Application Server Smart Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_primary_server",
      "@product": "uCosminexus Primary Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": [
    {
      "@score": "4.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "4.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-008607",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743",
      "@id": "CVE-2016-8743",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975",
      "@id": "CVE-2016-4975",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743",
      "@id": "CVE-2016-8743",
      "@source": "NVD"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975",
      "@id": "CVE-2016-4975",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/19.html",
      "@id": "CWE-19",
      "@title": "Data Handling(CWE-19)"
    }
  ],
  "title": "Vulnerability in Cosminexus HTTP Server and Hitachi Web Server"
}

jvndb-2007-000773

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2014-05-21 18:27

Severity ?

() - -

Summary

Hitachi Web Server Cross-Site Scripting Vulnerability with Server-Status Page

Details

When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-satus page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines. The vulnerability does not affect the product if the server-status reporting feature is disabled.

References

▼	Type	URL
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5809
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5809
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5752
	SECUNIA	http://secunia.com/advisories/27421
	FRSIRT	http://www.frsirt.com/english/advisories/2007/3666
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Cosminexus Application Server Enterprise
	Hitachi, Ltd	Cosminexus Application Server Standard
	Hitachi, Ltd	Cosminexus Application Server Version 5
	Hitachi, Ltd	Cosminexus Developer Light Version 6
	Hitachi, Ltd	Cosminexus Developer Professional Version 6
	Hitachi, Ltd	Cosminexus Developer Standard Version 6
	Hitachi, Ltd	Cosminexus Developer Version 5
	Hitachi, Ltd	Cosminexus Server - Enterprise Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition Version 4
	Hitachi, Ltd	Cosminexus Server - Web Edition
	Hitachi, Ltd	Cosminexus Server - Web Edition Version 4
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Light
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000773.html",
  "dc:date": "2014-05-21T18:27+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2014-05-21T18:27+09:00",
  "description": "When Hitachi Web Server receives a request that contains malicious scripts, they are inserted into the server-satus page the Server automatically creates. This allows the inserted malicious scripts to be executed on the client machines.\r\n\r\nThe vulnerability does not affect the product if the server-status reporting feature is disabled.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000773.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
      "@product": "Cosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
      "@product": "Cosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
      "@product": "Cosminexus Application Server Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
      "@product": "Cosminexus Developer Light Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
      "@product": "Cosminexus Developer Professional Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
      "@product": "Cosminexus Developer Standard Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
      "@product": "Cosminexus Developer Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
      "@product": "Cosminexus Server - Enterprise Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
      "@product": "Cosminexus Server - Standard Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
      "@product": "Cosminexus Server - Standard Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
      "@product": "Cosminexus Server - Web Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
      "@product": "Cosminexus Server - Web Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000773",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5809",
      "@id": "CVE-2007-5809",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752",
      "@id": "CVE-2006-5752",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5809",
      "@id": "CVE-2007-5809",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-5752",
      "@id": "CVE-2006-5752",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/27421",
      "@id": "SA27421",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/3666",
      "@id": "FrSIRT/ADV-2007-3666",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Hitachi Web Server Cross-Site Scripting Vulnerability with Server-Status Page"
}

jvndb-2005-000601

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2014-05-22 18:04

Severity ?

() - -

Summary

OpenSSL version rollback vulnerability

Details

OpenSSL from OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker can force the client and the server to negotiate the SSL 2.0 protocol even if these parties both request TLS 1.0 protocol by crafting an attack on the communication path. RFC 2246, defining the TLS protocol, defines that when TLS 1.0 is available, SSL 2.0 should not be used in order to avoid version rollback attacks.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN23632449/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2969
	SECUNIA	http://secunia.com/advisories/17151/
	BID	http://www.securityfocus.com/bid/15071
	SECTEAM	http://www.securiteam.com/securitynews/6Y00D0AEBW.html
	FRSIRT	http://www.frsirt.com/english/advisories/2005/2036

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Cosminexus Application Server Enterprise
	Hitachi, Ltd	Cosminexus Application Server Standard
	Hitachi, Ltd	Cosminexus Application Server Version 5
	Hitachi, Ltd	Cosminexus Developer Light Version 6
	Hitachi, Ltd	Cosminexus Developer Professional Version 6
	Hitachi, Ltd	Cosminexus Developer Standard Version 6
	Hitachi, Ltd	Cosminexus Developer Version 5
	Hitachi, Ltd	Cosminexus Server - Enterprise Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition Version 4
	Hitachi, Ltd	Cosminexus Server - Web Edition
	Hitachi, Ltd	Cosminexus Server - Web Edition Version 4
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Smart Edition
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Light
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform
	OpenSSL Project	OpenSSL
	Trend Micro, Inc.	InterScan Messaging Security Suite
	Trend Micro, Inc.	TrendMicro InterScan VirusWall
	Trend Micro, Inc.	TrendMicro InterScan Web Security Suite
	FUJITSU	FMSE-C301
	FUJITSU	IPCOM Series
	Hewlett-Packard Development Company,L.P	HP-UX
	Cybertrust Japan Co., Ltd.	Asianux Server
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Linux Advanced Workstation
	Sun Microsystems, Inc.	Sun Solaris
	Turbolinux, Inc.	Turbolinux Appliance Server
	Turbolinux, Inc.	Turbolinux FUJI
	Turbolinux, Inc.	Turbolinux Multimedia
	Turbolinux, Inc.	Turbolinux Personal
	Turbolinux, Inc.	Turbolinux Server
	Turbolinux, Inc.	wizpy

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000601.html",
  "dc:date": "2014-05-22T18:04+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2014-05-22T18:04+09:00",
  "description": "OpenSSL from OpenSSL Project contains a version rollback vulnerability. If a specific option is used on a server running OpenSSL, an attacker can force the client and the server to negotiate the SSL 2.0 protocol even if these parties both request TLS 1.0 protocol by crafting an attack on the communication path.\r\n\r\nRFC 2246, defining the TLS protocol, defines that when TLS 1.0 is available, SSL 2.0 should not be used in order to avoid version rollback attacks.",
  "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000601.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
      "@product": "Cosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
      "@product": "Cosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
      "@product": "Cosminexus Application Server Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
      "@product": "Cosminexus Developer Light Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
      "@product": "Cosminexus Developer Professional Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
      "@product": "Cosminexus Developer Standard Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
      "@product": "Cosminexus Developer Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
      "@product": "Cosminexus Server - Enterprise Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
      "@product": "Cosminexus Server - Standard Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
      "@product": "Cosminexus Server - Standard Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
      "@product": "Cosminexus Server - Web Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
      "@product": "Cosminexus Server - Web Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
      "@product": "uCosminexus Application Server Smart Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:openssl:openssl",
      "@product": "OpenSSL",
      "@vendor": "OpenSSL Project",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:interscan_messaging_security_suite",
      "@product": "InterScan Messaging Security Suite",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:interscan_viruswall",
      "@product": "TrendMicro InterScan VirusWall",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:trendmicro:interscan_web_security_suite",
      "@product": "TrendMicro InterScan Web Security Suite",
      "@vendor": "Trend Micro, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:fujitsu:fmse-c301",
      "@product": "FMSE-C301",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:fujitsu:ipcom",
      "@product": "IPCOM Series",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_appliance_server",
      "@product": "Turbolinux Appliance Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_fuji",
      "@product": "Turbolinux FUJI",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
      "@product": "Turbolinux Multimedia",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_personal",
      "@product": "Turbolinux Personal",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_wizpy",
      "@product": "wizpy",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2005-000601",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN23632449/index.html",
      "@id": "JVN#23632449",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969",
      "@id": "CVE-2005-2969",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-2969",
      "@id": "CVE-2005-2969",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/17151/",
      "@id": "SA17151",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/15071",
      "@id": "15071",
      "@source": "BID"
    },
    {
      "#text": "http://www.securiteam.com/securitynews/6Y00D0AEBW.html",
      "@id": "6Y00D0AEBW",
      "@source": "SECTEAM"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2005/2036",
      "@id": "FrSIRT/ADV-2005-2036",
      "@source": "FRSIRT"
    }
  ],
  "title": "OpenSSL version rollback vulnerability"
}

jvndb-2005-000727

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2014-05-22 18:03

Severity ?

() - -

Summary

mod_imap cross-site scripting vulnerability

Details

The "mod_imap" and "mod_imagemap" modules of the Apache HTTP Server are used for implementing server-side image map processing. mod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN06045169/index.html
	JVNTR	https://jvn.jp/en/tr/TRTA08-079A/index.html
	JVNTR	https://jvn.jp/en/tr/TRTA08-150A/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3352
	CERT-SA	http://www.us-cert.gov/cas/alerts/SA08-079A.html
	CERT-SA	http://www.us-cert.gov/cas/alerts/SA08-150A.html
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA08-079A.html
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA08-150A.html
	BID	http://www.securityfocus.com/bid/15834

Impacted products

▼	Vendor	Product
	Apache Software Foundation	Apache HTTP Server
	Hitachi, Ltd	Cosminexus Application Server Enterprise
	Hitachi, Ltd	Cosminexus Application Server Standard
	Hitachi, Ltd	Cosminexus Application Server Version 5
	Hitachi, Ltd	Cosminexus Developer Light Version 6
	Hitachi, Ltd	Cosminexus Developer Professional Version 6
	Hitachi, Ltd	Cosminexus Developer Standard Version 6
	Hitachi, Ltd	Cosminexus Developer Version 5
	Hitachi, Ltd	Cosminexus Server - Enterprise Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition Version 4
	Hitachi, Ltd	Cosminexus Server - Web Edition
	Hitachi, Ltd	Cosminexus Server - Web Edition Version 4
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Smart Edition
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Light
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform
	IBM Corporation	IBM HTTP Server
	Oracle Corporation	Oracle HTTP Server
	Apple Inc.	Apple Mac OS X
	Apple Inc.	Apple Mac OS X Server
	Hewlett-Packard Development Company,L.P	HP-UX
	Cybertrust Japan Co., Ltd.	Asianux Server
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Linux Advanced Workstation
	Sun Microsystems, Inc.	Sun Solaris
	Turbolinux, Inc.	Turbolinux
	Turbolinux, Inc.	Turbolinux Desktop
	Turbolinux, Inc.	Turbolinux FUJI
	Turbolinux, Inc.	Turbolinux Home
	Turbolinux, Inc.	Turbolinux Multimedia
	Turbolinux, Inc.	Turbolinux Personal
	Turbolinux, Inc.	Turbolinux Server

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000727.html",
  "dc:date": "2014-05-22T18:03+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2014-05-22T18:03+09:00",
  "description": "The \"mod_imap\" and \"mod_imagemap\" modules of the Apache HTTP Server are used for implementing server-side image map processing.\r\nmod_imap and mod_imagemap are affected by a cross-site scripting vulnerability when referer values are used in an image map in such a way that they do not handle HTTP_REFERER properly.",
  "link": "https://jvndb.jvn.jp/en/contents/2005/JVNDB-2005-000727.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:http_server",
      "@product": "Apache HTTP Server",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
      "@product": "Cosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
      "@product": "Cosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
      "@product": "Cosminexus Application Server Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
      "@product": "Cosminexus Developer Light Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
      "@product": "Cosminexus Developer Professional Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
      "@product": "Cosminexus Developer Standard Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
      "@product": "Cosminexus Developer Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
      "@product": "Cosminexus Server - Enterprise Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
      "@product": "Cosminexus Server - Standard Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
      "@product": "Cosminexus Server - Standard Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
      "@product": "Cosminexus Server - Web Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
      "@product": "Cosminexus Server - Web Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
      "@product": "uCosminexus Application Server Smart Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:ibm:http_server",
      "@product": "IBM HTTP Server",
      "@vendor": "IBM Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:oracle:http_server",
      "@product": "Oracle HTTP Server",
      "@vendor": "Oracle Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x",
      "@product": "Apple Mac OS X",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux",
      "@product": "Turbolinux",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_desktop",
      "@product": "Turbolinux Desktop",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_fuji",
      "@product": "Turbolinux FUJI",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_home",
      "@product": "Turbolinux Home",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
      "@product": "Turbolinux Multimedia",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_personal",
      "@product": "Turbolinux Personal",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2005-000727",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN06045169/index.html",
      "@id": "JVN#06045169",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html",
      "@id": "TRTA08-079A",
      "@source": "JVNTR"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html",
      "@id": "TRTA08-150A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352",
      "@id": "CVE-2005-3352",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-3352",
      "@id": "CVE-2005-3352",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA08-079A.html",
      "@id": "SA08-079A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html",
      "@id": "SA08-150A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA08-079A.html",
      "@id": "TA08-079A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html",
      "@id": "TA08-150A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/15834",
      "@id": "15834",
      "@source": "BID"
    }
  ],
  "title": "mod_imap cross-site scripting vulnerability"
}

jvndb-2007-000819

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2013-07-18 18:58

Severity ?

() - -

Summary

Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"

Details

mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting. The Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability. The Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.

References

▼	Type	URL
	JVN	http://jvn.jp/en/jp/JVN80057925/index.html
	JVNTR	https://jvn.jp/en/tr/TRTA08-079A/index.html
	JVNTR	https://jvn.jp/en/tr/TRTA08-150A/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5000
	SECUNIA	http://secunia.com/advisories/28046
	SECUNIA	http://secunia.com/advisories/28073
	FRSIRT	http://www.frsirt.com/english/advisories/2007/4201
	FRSIRT	http://www.frsirt.com/english/advisories/2007/4202
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Apache Software Foundation	Apache HTTP Server
	FUJITSU	Interstage Application Framework Suite
	FUJITSU	Interstage Application Server
	FUJITSU	Interstage Apworks
	FUJITSU	Interstage Business Application Server
	FUJITSU	Interstage Job Workload Server
	FUJITSU	Interstage Studio
	FUJITSU	Interstage Web Server
	FUJITSU	Systemwalker Resource Coordinator
	Hitachi, Ltd	Cosminexus Application Server
	Hitachi, Ltd	Cosminexus Developer
	Hitachi, Ltd	Cosminexus Server
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Service
	IBM Corporation	IBM HTTP Server
	Oracle Corporation	Oracle HTTP Server
	Red Hat, Inc.	Red Hat Application Stack
	NEC Corporation	WanBooster
	Apple Inc.	Apple Mac OS X
	Apple Inc.	Apple Mac OS X Server
	Hewlett-Packard Development Company,L.P	HP-UX
	Cybertrust Japan Co., Ltd.	Asianux Server
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Enterprise Linux Desktop
	Red Hat, Inc.	Red Hat Linux Advanced Workstation
	Red Hat, Inc.	RHEL Desktop Workstation
	Sun Microsystems, Inc.	Sun Solaris
	Turbolinux, Inc.	Turbolinux Appliance Server
	Turbolinux, Inc.	Turbolinux FUJI
	Turbolinux, Inc.	Turbolinux Multimedia
	Turbolinux, Inc.	Turbolinux Personal
	Turbolinux, Inc.	Turbolinux Server

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html",
  "dc:date": "2013-07-18T18:58+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2013-07-18T18:58+09:00",
  "description": "mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting.\r\n\r\nThe Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability.\r\nThe Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:http_server",
      "@product": "Apache HTTP Server",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
      "@product": "Interstage Application Framework Suite",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_server",
      "@product": "Interstage Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_apworks",
      "@product": "Interstage Apworks",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_business_application_server",
      "@product": "Interstage Business Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_job_workload_server",
      "@product": "Interstage Job Workload Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_studio",
      "@product": "Interstage Studio",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_web_server",
      "@product": "Interstage Web Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator",
      "@product": "Systemwalker Resource Coordinator",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server",
      "@product": "Cosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer",
      "@product": "Cosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server",
      "@product": "Cosminexus Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server",
      "@product": "uCosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service",
      "@product": "uCosminexus Service",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:ibm:http_server",
      "@product": "IBM HTTP Server",
      "@vendor": "IBM Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:oracle:http_server",
      "@product": "Oracle HTTP Server",
      "@vendor": "Oracle Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:redhat:rhel_application_stack",
      "@product": "Red Hat Application Stack",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/h:nec:wanbooster",
      "@product": "WanBooster",
      "@vendor": "NEC Corporation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x",
      "@product": "Apple Mac OS X",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:sun:solaris",
      "@product": "Sun Solaris",
      "@vendor": "Sun Microsystems, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_appliance_server",
      "@product": "Turbolinux Appliance Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_fuji",
      "@product": "Turbolinux FUJI",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
      "@product": "Turbolinux Multimedia",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_personal",
      "@product": "Turbolinux Personal",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000819",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN80057925/index.html",
      "@id": "JVN#80057925",
      "@source": "JVN"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html",
      "@id": "TRTA08-079A",
      "@source": "JVNTR"
    },
    {
      "#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html",
      "@id": "TRTA08-150A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000",
      "@id": "CVE-2007-5000",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5000",
      "@id": "CVE-2007-5000",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/28046",
      "@id": "SA28046",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://secunia.com/advisories/28073",
      "@id": "SA28073",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/4201",
      "@id": "FrSIRT/ADV-2007-4201",
      "@source": "FRSIRT"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/4202",
      "@id": "FrSIRT/ADV-2007-4202",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Cross-site scripting vulnerability in Apache HTTP Server \"mod_imap\" and \"mod_imagemap\""
}

jvndb-2006-000992

Vulnerability from jvndb

Published

2009-02-04 17:42

Modified

2014-05-22 18:03

Severity ?

() - -

Summary

Multiple Vulnerabilities Concerning Hitachi Web Server

Details

Hitachi Web Server has vulnerabilities listed below: 1. A vulnerability that allows to roll back the Open SSL version when using the SSL. 2. Cross-site scripting vulnerability in contents created automatically by the Hitachi Web Server. 3. Cross-site scripting vulnerability due to inadequate processing of the Expect header.

References

▼	Type	URL
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0514
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2969
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3352
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3918
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0514
	JVNDB_Ja	http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000992.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-noinfo)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Cosminexus Application Server Enterprise
	Hitachi, Ltd	Cosminexus Application Server Standard
	Hitachi, Ltd	Cosminexus Application Server Version 5
	Hitachi, Ltd	Cosminexus Developer Light Version 6
	Hitachi, Ltd	Cosminexus Developer Professional Version 6
	Hitachi, Ltd	Cosminexus Developer Standard Version 6
	Hitachi, Ltd	Cosminexus Developer Version 5
	Hitachi, Ltd	Cosminexus Server - Enterprise Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition Version 4
	Hitachi, Ltd	Cosminexus Server - Web Edition
	Hitachi, Ltd	Cosminexus Server - Web Edition Version 4
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Smart Edition
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Light
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000992.html",
  "dc:date": "2014-05-22T18:03+09:00",
  "dcterms:issued": "2009-02-04T17:42+09:00",
  "dcterms:modified": "2014-05-22T18:03+09:00",
  "description": "Hitachi Web Server has vulnerabilities listed below:\r\n\r\n1. A vulnerability that allows to roll back the Open SSL version when using the SSL.\r\n\r\n2. Cross-site scripting vulnerability in contents created automatically by the Hitachi Web Server.\r\n\r\n3. Cross-site scripting vulnerability due to inadequate processing of the Expect header.",
  "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000992.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
      "@product": "Cosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
      "@product": "Cosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
      "@product": "Cosminexus Application Server Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
      "@product": "Cosminexus Developer Light Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
      "@product": "Cosminexus Developer Professional Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
      "@product": "Cosminexus Developer Standard Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
      "@product": "Cosminexus Developer Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
      "@product": "Cosminexus Server - Enterprise Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
      "@product": "Cosminexus Server - Standard Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
      "@product": "Cosminexus Server - Standard Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
      "@product": "Cosminexus Server - Web Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
      "@product": "Cosminexus Server - Web Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
      "@product": "uCosminexus Application Server Smart Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2006-000992",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969",
      "@id": "CVE-2005-2969",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352",
      "@id": "CVE-2005-3352",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918",
      "@id": "CVE-2006-3918",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0514",
      "@id": "CVE-2007-0514",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2969",
      "@id": "CVE-2005-2969",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3352",
      "@id": "CVE-2005-3352",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3918",
      "@id": "CVE-2006-3918",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0514",
      "@id": "CVE-2007-0514",
      "@source": "NVD"
    },
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000992.html",
      "@id": "JVNDB-2006-000992",
      "@source": "JVNDB_Ja"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-noinfo",
      "@title": "No Mapping(CWE-noinfo)"
    }
  ],
  "title": "Multiple Vulnerabilities Concerning Hitachi Web Server"
}

jvndb-2011-001633

Vulnerability from jvndb

Published

2011-06-29 17:54

Modified

2014-05-21 18:21

Severity ?

() - -

Summary

Header Customization by Hitachi Web Server RequetHeader Directive Could Allow Attacker to Access Data Deleted from Memory

Details

When using the header customization function through the RequestHeader directive of Hitachi Web Server, if the RequestHeader directive is defined and the mod_headers module is being used through the LoadModule directive, it could allow an attacker to gain access to the data that have been deleted from the memory. If the header customization function of the RequestHeader directive is not used, the vulnerability does not apply.

References

▼	Type	URL
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0434
	No Mapping(CWE-noinfo)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Hitachi Web Server

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-001633.html",
  "dc:date": "2014-05-21T18:21+09:00",
  "dcterms:issued": "2011-06-29T17:54+09:00",
  "dcterms:modified": "2014-05-21T18:21+09:00",
  "description": "When using the header customization function through the RequestHeader directive of Hitachi Web Server, if the RequestHeader directive is defined and the mod_headers module is being used through the LoadModule directive, it could allow an attacker to gain access to the data that have been deleted from the memory.\r\nIf the header customization function of the RequestHeader directive is not used, the vulnerability does not apply.",
  "link": "https://jvndb.jvn.jp/en/contents/2011/JVNDB-2011-001633.html",
  "sec:cpe": {
    "#text": "cpe:/a:hitachi:hitachi_web_server",
    "@product": "Hitachi Web Server",
    "@vendor": "Hitachi, Ltd",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "5.1",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2011-001633",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0434",
      "@id": "CVE-2010-0434",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0434",
      "@id": "CVE-2010-0434",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-noinfo",
      "@title": "No Mapping(CWE-noinfo)"
    }
  ],
  "title": "Header Customization by Hitachi Web Server RequetHeader Directive Could Allow Attacker to Access Data Deleted from Memory"
}

jvndb-2009-001740

Vulnerability from jvndb

Published

2009-07-14 10:17

Modified

2014-05-21 18:24

Severity ?

() - -

Summary

Hitachi Web Server Reverse Proxy Denial of Service (DoS) Vulnerability

Details

Hitachi Web Server contains a vulnerability that could lead to a denial of service (DoS) condition when using it as a reverse proxy due to excessive memory usage.

References

▼	Type	URL
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2364
	No Mapping(CWE-noinfo)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001740.html",
  "dc:date": "2014-05-21T18:24+09:00",
  "dcterms:issued": "2009-07-14T10:17+09:00",
  "dcterms:modified": "2014-05-21T18:24+09:00",
  "description": "Hitachi Web Server contains a vulnerability that could lead to a denial\r\nof service (DoS) condition when using it as a reverse proxy due to\r\nexcessive memory usage.",
  "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001740.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "2.6",
    "@severity": "Low",
    "@type": "Base",
    "@vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2009-001740",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2364",
      "@id": "CVE-2008-2364",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2364",
      "@id": "CVE-2008-2364",
      "@source": "NVD"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-noinfo",
      "@title": "No Mapping(CWE-noinfo)"
    }
  ],
  "title": "Hitachi Web Server Reverse Proxy Denial of Service (DoS) Vulnerability"
}

jvndb-2007-001022

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2009-11-16 11:52

Severity ?

() - -

Summary

Apache UTF-7 Encoding Cross-Site Scripting Vulnerability

Details

The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.

References

▼	Type	URL
	JVNTR	http://jvn.jp/en/tr/TRTA08-150A/index.html
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465
	CERT-SA	http://www.us-cert.gov/cas/alerts/SA08-150A.html
	CERT-TA	http://www.us-cert.gov/cas/techalerts/TA08-150A.html
	BID	http://www.securityfocus.com/bid/25653
	XF	http://xforce.iss.net/xforce/xfdb/36586
	SECTRACK	http://www.securitytracker.com/id?1019194
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Apache Software Foundation	Apache HTTP Server
	FUJITSU	Interstage Application Framework Suite
	FUJITSU	Interstage Application Server
	FUJITSU	Interstage Apworks
	FUJITSU	Interstage Business Application Server
	FUJITSU	Interstage Job Workload Server
	FUJITSU	Interstage Studio
	FUJITSU	Interstage Web Server
	FUJITSU	Systemwalker Resource Coordinator
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server
	Hitachi, Ltd	uCosminexus Service
	Apple Inc.	Apple Mac OS X Server
	Hewlett-Packard Development Company,L.P	HP-UX
	Cybertrust Japan Co., Ltd.	Asianux Server
	Red Hat, Inc.	Red Hat Enterprise Linux
	Red Hat, Inc.	Red Hat Enterprise Linux Desktop
	Red Hat, Inc.	Red Hat Linux Advanced Workstation
	Red Hat, Inc.	RHEL Desktop Workstation
	Turbolinux, Inc.	Turbolinux Appliance Server
	Turbolinux, Inc.	Turbolinux FUJI
	Turbolinux, Inc.	Turbolinux Multimedia
	Turbolinux, Inc.	Turbolinux Personal
	Turbolinux, Inc.	Turbolinux Server

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html",
  "dc:date": "2009-11-16T11:52+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2009-11-16T11:52+09:00",
  "description": "The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:http_server",
      "@product": "Apache HTTP Server",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
      "@product": "Interstage Application Framework Suite",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_server",
      "@product": "Interstage Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_apworks",
      "@product": "Interstage Apworks",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_business_application_server",
      "@product": "Interstage Business Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_job_workload_server",
      "@product": "Interstage Job Workload Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_studio",
      "@product": "Interstage Studio",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_web_server",
      "@product": "Interstage Web Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator",
      "@product": "Systemwalker Resource Coordinator",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server",
      "@product": "uCosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service",
      "@product": "uCosminexus Service",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:apple:mac_os_x_server",
      "@product": "Apple Mac OS X Server",
      "@vendor": "Apple Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:hp:hp-ux",
      "@product": "HP-UX",
      "@vendor": "Hewlett-Packard Development Company,L.P",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux",
      "@product": "Red Hat Enterprise Linux",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:enterprise_linux_desktop",
      "@product": "Red Hat Enterprise Linux Desktop",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:linux_advanced_workstation",
      "@product": "Red Hat Linux Advanced Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:redhat:rhel_desktop_workstation",
      "@product": "RHEL Desktop Workstation",
      "@vendor": "Red Hat, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_appliance_server",
      "@product": "Turbolinux Appliance Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_fuji",
      "@product": "Turbolinux FUJI",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_multimedia",
      "@product": "Turbolinux Multimedia",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_personal",
      "@product": "Turbolinux Personal",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:turbolinux:turbolinux_server",
      "@product": "Turbolinux Server",
      "@vendor": "Turbolinux, Inc.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-001022",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/tr/TRTA08-150A/index.html",
      "@id": "TRTA08-150A",
      "@source": "JVNTR"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465",
      "@id": "CVE-2007-4465",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465",
      "@id": "CVE-2007-4465",
      "@source": "NVD"
    },
    {
      "#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html",
      "@id": "SA08-150A",
      "@source": "CERT-SA"
    },
    {
      "#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html",
      "@id": "TA08-150A",
      "@source": "CERT-TA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/25653",
      "@id": "25653",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/36586",
      "@id": "36586",
      "@source": "XF"
    },
    {
      "#text": "http://www.securitytracker.com/id?1019194",
      "@id": "1019194",
      "@source": "SECTRACK"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    }
  ],
  "title": "Apache UTF-7 Encoding Cross-Site Scripting Vulnerability"
}

jvndb-2019-004441

Vulnerability from jvndb

Published

2019-06-03 13:55

Modified

2019-06-03 13:55

Summary

Vulnerability in Cosminexus HTTP Server and Hitachi Web Server

Details

A vulnerability (CVE-2019-0220) exists in Cosminexus HTTP Server and Hitachi Web Server.

References

▼	Type	URL

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Cosminexus HTTP Server
	Hitachi, Ltd	Hitachi Application Server
	Hitachi, Ltd	Hitachi Application Server for Developers
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Primary Server
	Hitachi, Ltd	uCosminexus Service

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-004441.html",
  "dc:date": "2019-06-03T13:55+09:00",
  "dcterms:issued": "2019-06-03T13:55+09:00",
  "dcterms:modified": "2019-06-03T13:55+09:00",
  "description": "A vulnerability (CVE-2019-0220) exists in Cosminexus HTTP Server and Hitachi Web Server.",
  "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-004441.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_http_server",
      "@product": "Cosminexus HTTP Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_application_server",
      "@product": "Hitachi Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_application_server_for_developers",
      "@product": "Hitachi Application Server for Developers",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server",
      "@product": "uCosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_primary_server",
      "@product": "uCosminexus Primary Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service",
      "@product": "uCosminexus Service",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:identifier": "JVNDB-2019-004441",
  "sec:references": {
    "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
    "@id": "CWE-noinfo",
    "@title": "No Mapping(CWE-noinfo)"
  },
  "title": "Vulnerability in Cosminexus HTTP Server and Hitachi Web Server"
}

jvndb-2010-001519

Vulnerability from jvndb

Published

2010-06-22 11:23

Modified

2010-06-22 11:23

Severity ?

() - -

Summary

Improper Authentication Vulnerability in Handling of Revoked Certificate in Hitachi Web Server SSL Client Authentication

Details

SSL client authentication in Hitachi Web Server has a vulnerability which allows an attacker to access a Hitachi Web Server using the client certificates registered in the Certification Revocation List (CRL). This vulnerability does not apply if SSL or SSL client authentication is not in use. The vulnerability does affect the Cosminexus products bundled with Hitachi Web Server.

References

▼	Type	URL

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Hitachi Web Server

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001519.html",
  "dc:date": "2010-06-22T11:23+09:00",
  "dcterms:issued": "2010-06-22T11:23+09:00",
  "dcterms:modified": "2010-06-22T11:23+09:00",
  "description": "SSL client authentication in Hitachi Web Server has a vulnerability which allows an attacker to access a Hitachi Web Server using the client certificates registered in the Certification Revocation List (CRL).\r\nThis vulnerability does not apply if SSL or SSL client authentication is not in use. The vulnerability does affect the Cosminexus products bundled with Hitachi Web Server.",
  "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001519.html",
  "sec:cpe": {
    "#text": "cpe:/a:hitachi:hitachi_web_server",
    "@product": "Hitachi Web Server",
    "@vendor": "Hitachi, Ltd",
    "@version": "2.2"
  },
  "sec:cvss": {
    "@score": "4.3",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2010-001519",
  "sec:references": {
    "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
    "@id": "CWE-287",
    "@title": "Improper Authentication(CWE-287)"
  },
  "title": "Improper Authentication Vulnerability in Handling of Revoked Certificate in Hitachi Web Server SSL Client Authentication"
}

jvndb-2007-000772

Vulnerability from jvndb

Published

2008-05-21 00:00

Modified

2014-05-23 18:32

Severity ?

() - -

Summary

Hitachi Web Server SSL Client Authentication Vulnerability

Details

Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent. The vulnerability does not affect the product if the SSL authenticaton client feature is disabled.

References

▼	Type	URL
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5810
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
	NVD	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5810
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4339
	SECUNIA	http://secunia.com/advisories/27421
	XF	http://xforce.iss.net/xforce/xfdb/28755
	FRSIRT	http://www.frsirt.com/english/advisories/2007/3666
	Improper Input Validation(CWE-20)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Cosminexus Application Server Enterprise
	Hitachi, Ltd	Cosminexus Application Server Standard
	Hitachi, Ltd	Cosminexus Application Server Version 5
	Hitachi, Ltd	Cosminexus Developer Light Version 6
	Hitachi, Ltd	Cosminexus Developer Professional Version 6
	Hitachi, Ltd	Cosminexus Developer Standard Version 6
	Hitachi, Ltd	Cosminexus Developer Version 5
	Hitachi, Ltd	Cosminexus Server - Enterprise Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition Version 4
	Hitachi, Ltd	Cosminexus Server - Web Edition
	Hitachi, Ltd	Cosminexus Server - Web Edition Version 4
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Light
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000772.html",
  "dc:date": "2014-05-23T18:32+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2014-05-23T18:32+09:00",
  "description": "Hitachi Web Server accepts an SSL certificate sent by a clinet trying to connect to the Server even if the certificate is fraudulent.\r\n\r\nThe vulnerability does not affect the product if the SSL authenticaton client feature is disabled.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000772.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
      "@product": "Cosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
      "@product": "Cosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
      "@product": "Cosminexus Application Server Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
      "@product": "Cosminexus Developer Light Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
      "@product": "Cosminexus Developer Professional Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
      "@product": "Cosminexus Developer Standard Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
      "@product": "Cosminexus Developer Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
      "@product": "Cosminexus Server - Enterprise Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
      "@product": "Cosminexus Server - Standard Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
      "@product": "Cosminexus Server - Standard Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
      "@product": "Cosminexus Server - Web Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
      "@product": "Cosminexus Server - Web Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000772",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5810",
      "@id": "CVE-2007-5810",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339",
      "@id": "CVE-2006-4339",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5810",
      "@id": "CVE-2007-5810",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4339",
      "@id": "CVE-2006-4339",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/27421",
      "@id": "SA27421",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/28755",
      "@id": "28755",
      "@source": "XF"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/3666",
      "@id": "FrSIRT/ADV-2007-3666",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "Hitachi Web Server SSL Client Authentication Vulnerability"
}

All the vulnerabilites related to Hitachi, Ltd - Hitachi Web Server

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb

Vulnerability from jvndb