All the vulnerabilites related to Hitachi, Ltd - uCosminexus Application Server
jvndb-2021-001345
Vulnerability from jvndb
Published
2021-04-13 16:46
Modified
2021-04-13 16:46
Summary
Information Disclosure Vulnerability in Cosminexus
Details
An Information Disclosure Vulnerability was found in Cosminexus.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-001345.html",
"dc:date": "2021-04-13T16:46+09:00",
"dcterms:issued": "2021-04-13T16:46+09:00",
"dcterms:modified": "2021-04-13T16:46+09:00",
"description": "An Information Disclosure Vulnerability was found in Cosminexus.",
"link": "https://jvndb.jvn.jp/en/contents/2021/JVNDB-2021-001345.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_component_container",
"@product": "Cosminexus Component Container",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"@product": "uCosminexus Application Server Enterprise",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"@product": "uCosminexus Application Server Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_professional",
"@product": "uCosminexus Developer Professional",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
"@product": "uCosminexus Developer Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_architect",
"@product": "uCosminexus Service Architect",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_platform",
"@product": "uCosminexus Service Platform",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2021-001345",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
},
"title": "Information Disclosure Vulnerability in Cosminexus"
}
jvndb-2007-000297
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-07-11 13:47
Summary
Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability
Details
Apache Tomcat from the Apache Software Foundation contains a cross-site scripting vulnerability in the Accept-Language header handling.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
Apache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard.
The vendor has confirmed that this vulnerability occurs when an outdated version of Flash is used.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000297.html",
"dc:date": "2008-07-11T13:47+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-07-11T13:47+09:00",
"description": "Apache Tomcat from the Apache Software Foundation contains a cross-site scripting vulnerability in the Accept-Language header handling.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\n\r\nApache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard.\r\n\r\nThe vendor has confirmed that this vulnerability occurs when an outdated version of Flash is used.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000297.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:tomcat",
"@product": "Apache Tomcat",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
"@product": "Interstage Application Framework Suite",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_server",
"@product": "Interstage Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_apworks",
"@product": "Interstage Apworks",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_business_application_server",
"@product": "Interstage Business Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_job_workload_server",
"@product": "Interstage Job Workload Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_web_server",
"@product": "Interstage Web Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer",
"@product": "Cosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:nec:webotx_application_server",
"@product": "WebOTX Application Server",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000297",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN16535199/index.html",
"@id": "JVN#16535199",
"@source": "JVN"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358",
"@id": "CVE-2007-1358",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1358",
"@id": "CVE-2007-1358",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/25721",
"@id": "SA25721",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/24524",
"@id": "24524",
"@source": "BID"
},
{
"#text": "http://www.securitytracker.com/id?1018269",
"@id": "1018269",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/1729",
"@id": "FrSIRT/ADV-2007-1729",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability"
}
jvndb-2009-002475
Vulnerability from jvndb
Published
2010-02-09 14:03
Modified
2010-02-09 14:03
Summary
Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java
Details
Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java have a buffer overflow vulnerability when processing image files in Java applications.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002475.html",
"dc:date": "2010-02-09T14:03+09:00",
"dcterms:issued": "2010-02-09T14:03+09:00",
"dcterms:modified": "2010-02-09T14:03+09:00",
"description": "Cosminexus, Processing Kit for XML and Hitachi Developer\u0027s Kit for Java have a buffer overflow vulnerability when processing image files in Java applications.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002475.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_client",
"@product": "Cosminexus Client ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer",
"@product": "Cosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_opentp1",
"@product": "Cosminexus/OpenTP1",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server",
"@product": "Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_studio",
"@product": "Cosminexus Studio",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:groupmax_collaboration",
"@product": "Groupmax Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_developers_kit_for_java",
"@product": "Hitachi Developer\u0027s Kit for Java",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:processing_kit_for_xml",
"@product": "Processing Kit for XML",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_collaboration",
"@product": "uCosminexus Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_navigation",
"@product": "uCosminexus Navigation",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_opentp1",
"@product": "uCosminexus/OpenTP1 ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-002475",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
"title": "Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML and Hitachi Developer\u0027s Kit for Java"
}
jvndb-2024-009498
Vulnerability from jvndb
Published
2024-10-01 16:01
Modified
2024-10-01 16:01
Summary
Vulnerability in Cosminexus
Details
Vulnerability has been found in Cosminexus.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-009498.html",
"dc:date": "2024-10-01T16:01+09:00",
"dcterms:issued": "2024-10-01T16:01+09:00",
"dcterms:modified": "2024-10-01T16:01+09:00",
"description": "Vulnerability has been found in Cosminexus.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-009498.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:hitachi_application_server_r",
"@product": "uCosminexus Application Server-R",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_primary_server_base",
"@product": "uCosminexus Primary Server Base",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_architect",
"@product": "uCosminexus Service Architect",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_platform",
"@product": "uCosminexus Service Platform",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2024-009498",
"sec:references": {
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-24549",
"@id": "CVE-2024-24549",
"@source": "CVE"
},
"title": "Vulnerability in Cosminexus"
}
jvndb-2020-005743
Vulnerability from jvndb
Published
2020-06-22 15:40
Modified
2020-06-22 15:40
Summary
Vulnerability in Cosminexus HTTP Server
Details
A vulnerability (CVE-2019-1551) exists in Cosminexus HTTP Server.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-005743.html",
"dc:date": "2020-06-22T15:40+09:00",
"dcterms:issued": "2020-06-22T15:40+09:00",
"dcterms:modified": "2020-06-22T15:40+09:00",
"description": "A vulnerability (CVE-2019-1551) exists in Cosminexus HTTP Server.",
"link": "https://jvndb.jvn.jp/en/contents/2020/JVNDB-2020-005743.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_http_server",
"@product": "Cosminexus HTTP Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_primary_server",
"@product": "uCosminexus Primary Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_architect",
"@product": "uCosminexus Service Architect",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_platform",
"@product": "uCosminexus Service Platform",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2020-005743",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
},
"title": "Vulnerability in Cosminexus HTTP Server"
}
jvndb-2007-001091
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus Application Server Incorrect Group Permission Handling Vulnerability
Details
When a logical J2EE server or logical user server is started from Cosminexus Manager in Cosminexus Application Server, Cosminexus Manager may assign the wrong user's group permissions to an activated server process.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001091.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "When a logical J2EE server or logical user server is started from Cosminexus Manager in Cosminexus Application Server, Cosminexus Manager may assign the wrong user\u0027s group permissions to an activated server process.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001091.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-001091",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4564",
"@id": "CVE-2007-4564",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4564",
"@id": "CVE-2007-4564",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/26589",
"@id": "SA26589",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/25434",
"@id": "25434",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/36245",
"@id": "36245",
"@source": "XF"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Cosminexus Application Server Incorrect Group Permission Handling Vulnerability"
}
jvndb-2019-004441
Vulnerability from jvndb
Published
2019-06-03 13:55
Modified
2019-06-03 13:55
Summary
Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
Details
A vulnerability (CVE-2019-0220) exists in Cosminexus HTTP Server and Hitachi Web Server.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-004441.html",
"dc:date": "2019-06-03T13:55+09:00",
"dcterms:issued": "2019-06-03T13:55+09:00",
"dcterms:modified": "2019-06-03T13:55+09:00",
"description": "A vulnerability (CVE-2019-0220) exists in Cosminexus HTTP Server and Hitachi Web Server.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-004441.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_http_server",
"@product": "Cosminexus HTTP Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_application_server",
"@product": "Hitachi Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_application_server_for_developers",
"@product": "Hitachi Application Server for Developers",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_web_server",
"@product": "Hitachi Web Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_primary_server",
"@product": "uCosminexus Primary Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2019-004441",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
},
"title": "Vulnerability in Cosminexus HTTP Server and Hitachi Web Server"
}
jvndb-2019-002892
Vulnerability from jvndb
Published
2019-04-25 15:13
Modified
2019-04-25 15:13
Summary
Multiple Vulnerabilities in Cosminexus
Details
Cosminexus Developer's Kit for Java and Hitachi Developer's Kit for Java contain the following vulnerabilities:
CVE-2019-2602, CVE-2019-2684, CVE-2019-2697, CVE-2019-2698
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-002892.html",
"dc:date": "2019-04-25T15:13+09:00",
"dcterms:issued": "2019-04-25T15:13+09:00",
"dcterms:modified": "2019-04-25T15:13+09:00",
"description": "Cosminexus Developer\u0027s Kit for Java and Hitachi Developer\u0027s Kit for Java contain the following vulnerabilities: \r\n\r\nCVE-2019-2602, CVE-2019-2684, CVE-2019-2697, CVE-2019-2698",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-002892.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_architect",
"@product": "uCosminexus Service Architect",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_platform",
"@product": "uCosminexus Service Platform",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2019-002892",
"sec:references": [
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2602",
"@id": "CVE-2019-2602",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2684",
"@id": "CVE-2019-2684",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2697",
"@id": "CVE-2019-2697",
"@source": "CVE"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-2698",
"@id": "CVE-2019-2698",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-2602",
"@id": "CVE-2019-2602",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-2684",
"@id": "CVE-2019-2684",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-2697",
"@id": "CVE-2019-2697",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2019-2698",
"@id": "CVE-2019-2698",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
}
],
"title": "Multiple Vulnerabilities in Cosminexus"
}
jvndb-2007-000702
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus Developer's Kit for Java Buffer Overflow and Denial of Service Vulnerabilities
Details
The image-processing APIs in Cosminexus Developer's Kit for Java is vulnerable to buffer overflow and a Denial od Service (DoS).
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000702.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "The image-processing APIs in Cosminexus Developer\u0027s Kit for Java is vulnerable to buffer overflow and a Denial od Service (DoS).",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000702.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_client",
"@product": "Cosminexus Client ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_collaboration",
"@product": "Cosminexus Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer",
"@product": "Cosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developers_kit_for_java",
"@product": "Cosminexus Developer\u0027s Kit for Java(TM)",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_erp_integrator",
"@product": "Cosminexus ERP Integrator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_opentp1",
"@product": "Cosminexus/OpenTP1",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server",
"@product": "Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_studio",
"@product": "Cosminexus Studio",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:groupmax_collaboration",
"@product": "Groupmax Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_developers_kit_for_java",
"@product": "Hitachi Developer\u0027s Kit for Java",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:processing_kit_for_xml",
"@product": "Processing Kit for XML",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_collaboration",
"@product": "uCosminexus Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_erp_integrator",
"@product": "uCosminexus ERP Integrator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_opentp1",
"@product": "uCosminexus/OpenTP1 ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000702",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4758",
"@id": "CVE-2007-4758",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4758",
"@id": "CVE-2007-4758",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/26538",
"@id": "SA26538",
"@source": "SECUNIA"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/36618",
"@id": "36618",
"@source": "XF"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/3034",
"@id": "FrSIRT/ADV-2007-3034",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Cosminexus Developer\u0027s Kit for Java Buffer Overflow and Denial of Service Vulnerabilities"
}
jvndb-2009-001545
Vulnerability from jvndb
Published
2009-07-07 11:12
Modified
2009-07-07 11:12
Summary
Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java Possible Unauthorized Access through Zip File Scanning Utility
Details
Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java
have a vulnerability that allows unauthorized access through a zip file
scanning API.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001545.html",
"dc:date": "2009-07-07T11:12+09:00",
"dcterms:issued": "2009-07-07T11:12+09:00",
"dcterms:modified": "2009-07-07T11:12+09:00",
"description": "Cosminexus Processing Kit for XML and Hitachi Developer\u0027s Kit for Java\r\nhave a vulnerability that allows unauthorized access through a zip file\r\nscanning API.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001545.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_developers_kit_for_java",
"@product": "Hitachi Developer\u0027s Kit for Java",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:processing_kit_for_xml",
"@product": "Processing Kit for XML",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "10.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-001545",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
},
"title": "Cosminexus Processing Kit for XML and Hitachi Developer\u0027s Kit for Java Possible Unauthorized Access through Zip File Scanning Utility"
}
jvndb-2007-000710
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus Denial of Service Vulnerability
Details
JSSE (Java Secure Socket Extension) in Cosminexua Developer's Kit for Java may fall into a denial of service condition when it handles an improper SSL/TLS handshake request. An attacker could exploit this vulnerability and cause a denial of service on the systems that establish an SSL/TLS connection using JSSE API.
References
| ▼ | Type | URL |
|---|---|---|
| CVE | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5281 | |
| NVD | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5281 | |
| SECUNIA | http://secunia.com/advisories/27075 | |
| BID | http://www.securityfocus.com/bid/25935 | |
| XF | http://xforce.iss.net/xforce/xfdb/36965 | |
| FRSIRT | http://www.frsirt.com/english/advisories/2007/3375 | |
| No Mapping(CWE-DesignError) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000710.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "JSSE (Java Secure Socket Extension) in Cosminexua Developer\u0027s Kit for Java may fall into a denial of service condition when it handles an improper SSL/TLS handshake request. An attacker could exploit this vulnerability and cause a denial of service on the systems that establish an SSL/TLS connection using JSSE API.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000710.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_developers_kit_for_java",
"@product": "Cosminexus Developer\u0027s Kit for Java(TM)",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000710",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5281",
"@id": "CVE-2007-5281",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5281",
"@id": "CVE-2007-5281",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/27075",
"@id": "SA27075",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/25935",
"@id": "25935",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/36965",
"@id": "36965",
"@source": "XF"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/3375",
"@id": "FrSIRT/ADV-2007-3375",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-DesignError",
"@title": "No Mapping(CWE-DesignError)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cosminexus Denial of Service Vulnerability"
}
jvndb-2013-001321
Vulnerability from jvndb
Published
2013-02-12 14:24
Modified
2013-02-12 14:24
Summary
User Authentication Vulnerability in Operational Management Function of Cosminexus
Details
The operational management function of Cosminexus does not properly require authentication for manipulation of an operational management portal, which allows remote attackers to delete and replace applications which other users attached.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-001321.html",
"dc:date": "2013-02-12T14:24+09:00",
"dcterms:issued": "2013-02-12T14:24+09:00",
"dcterms:modified": "2013-02-12T14:24+09:00",
"description": "The operational management function of Cosminexus does not properly require authentication for manipulation of an operational management portal, which allows remote attackers to delete and replace applications which other users attached.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-001321.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_component_container",
"@product": "Cosminexus Component Container",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"@product": "uCosminexus Application Server Enterprise",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
"@product": "uCosminexus Application Server Smart Edition",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"@product": "uCosminexus Application Server Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_light",
"@product": "uCosminexus Developer Light",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
"@product": "uCosminexus Developer Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_architect",
"@product": "uCosminexus Service Architect",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_platform",
"@product": "uCosminexus Service Platform",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-001321",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-287",
"@title": "Improper Authentication(CWE-287)"
},
"title": "User Authentication Vulnerability in Operational Management Function of Cosminexus"
}
jvndb-2008-000016
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-10-09 13:35
Summary
Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
Details
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations.
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000016.html",
"dc:date": "2008-10-09T13:35+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-10-09T13:35+09:00",
"description": "The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations.\r\n\r\nThe Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000016.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux Extras",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_desktop_supplementary",
"@product": "RHEL Desktop Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_supplementary",
"@product": "RHEL Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:jdk",
"@product": "JDK",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:jre",
"@product": "JRE",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:sdk",
"@product": "SDK",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000016",
"sec:references": [
{
"#text": "http://jvn.jp/cert/JVNTA08-066A/index.html",
"@id": "JVNTA08-066A",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN04032535/index.html",
"@id": "JVN#04032535",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/tr/TRTA08-066A/index.html",
"@id": "TRTA08-066A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187",
"@id": "CVE-2008-1187",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1187",
"@id": "CVE-2008-1187",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/200803_JRE_press_en.html",
"@id": "Security Alert for Vulnerability In Sun JRE (Java Runtime Environment) XSLT Transformations",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.us-cert.gov/cas/alerts/SA08-066A.html",
"@id": "SA08-066A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html",
"@id": "TA08-066A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/29273",
"@id": "SA29273",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/28083",
"@id": "28083",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/41025",
"@id": "41025",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1019548",
"@id": "1019548",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2008/0770",
"@id": "FrSIRT/ADV-2008-0770",
"@source": "FRSIRT"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html",
"@id": "JVNDB-2008-000016",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations"
}
jvndb-2019-010374
Vulnerability from jvndb
Published
2019-10-18 14:18
Modified
2019-10-18 14:18
Summary
Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
Details
A vulnerability (CVE-2019-10092) exists in Cosminexus HTTP Server and Hitachi Web Server.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-010374.html",
"dc:date": "2019-10-18T14:18+09:00",
"dcterms:issued": "2019-10-18T14:18+09:00",
"dcterms:modified": "2019-10-18T14:18+09:00",
"description": "A vulnerability (CVE-2019-10092) exists in Cosminexus HTTP Server and Hitachi Web Server.",
"link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-010374.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_http_server",
"@product": "Cosminexus HTTP Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_application_server",
"@product": "Hitachi Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_application_server_for_developers",
"@product": "Hitachi Application Server for Developers",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_web_server",
"@product": "Hitachi Web Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_primary_server",
"@product": "uCosminexus Primary Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:identifier": "JVNDB-2019-010374",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
},
"title": "Vulnerability in Cosminexus HTTP Server and Hitachi Web Server"
}
jvndb-2013-005669
Vulnerability from jvndb
Published
2013-12-25 19:13
Modified
2013-12-25 19:13
Summary
Xml eXternal Entity Vulnerability in Hitachi Cosminexus
Details
When using Cosminexus JAX-WS, XXE (Xml eXternal Entity) in Hitachi Cosminexus Component Container contains a vulnerability that may cause information leakage.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-005669.html",
"dc:date": "2013-12-25T19:13+09:00",
"dcterms:issued": "2013-12-25T19:13+09:00",
"dcterms:modified": "2013-12-25T19:13+09:00",
"description": "When using Cosminexus JAX-WS, XXE (Xml eXternal Entity) in Hitachi Cosminexus Component Container contains a vulnerability that may cause information leakage.",
"link": "https://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-005669.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_component_container",
"@product": "Cosminexus Component Container",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"@product": "uCosminexus Application Server Enterprise",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
"@product": "uCosminexus Application Server Smart Edition",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"@product": "uCosminexus Application Server Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_light",
"@product": "uCosminexus Developer Light",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
"@product": "uCosminexus Developer Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_architect",
"@product": "uCosminexus Service Architect",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_platform",
"@product": "uCosminexus Service Platform",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "2.6",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2013-005669",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
},
"title": "Xml eXternal Entity Vulnerability in Hitachi Cosminexus"
}
jvndb-2007-000819
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2013-07-18 18:58
Summary
Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
Details
mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting.
The Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability.
The Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html",
"dc:date": "2013-07-18T18:58+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2013-07-18T18:58+09:00",
"description": "mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting.\r\n\r\nThe Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability.\r\nThe Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:http_server",
"@product": "Apache HTTP Server",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
"@product": "Interstage Application Framework Suite",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_server",
"@product": "Interstage Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_apworks",
"@product": "Interstage Apworks",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_business_application_server",
"@product": "Interstage Business Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_job_workload_server",
"@product": "Interstage Job Workload Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_studio",
"@product": "Interstage Studio",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_web_server",
"@product": "Interstage Web Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator",
"@product": "Systemwalker Resource Coordinator",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer",
"@product": "Cosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server",
"@product": "Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_web_server",
"@product": "Hitachi Web Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:ibm:http_server",
"@product": "IBM HTTP Server",
"@vendor": "IBM Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:oracle:http_server",
"@product": "Oracle HTTP Server",
"@vendor": "Oracle Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_application_stack",
"@product": "Red Hat Application Stack",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/h:nec:wanbooster",
"@product": "WanBooster",
"@vendor": "NEC Corporation",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux_advanced_workstation",
"@product": "Red Hat Linux Advanced Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:sun:solaris",
"@product": "Sun Solaris",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_appliance_server",
"@product": "Turbolinux Appliance Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_fuji",
"@product": "Turbolinux FUJI",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_multimedia",
"@product": "Turbolinux Multimedia",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_personal",
"@product": "Turbolinux Personal",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_server",
"@product": "Turbolinux Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000819",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN80057925/index.html",
"@id": "JVN#80057925",
"@source": "JVN"
},
{
"#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html",
"@id": "TRTA08-079A",
"@source": "JVNTR"
},
{
"#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html",
"@id": "TRTA08-150A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000",
"@id": "CVE-2007-5000",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5000",
"@id": "CVE-2007-5000",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/28046",
"@id": "SA28046",
"@source": "SECUNIA"
},
{
"#text": "http://secunia.com/advisories/28073",
"@id": "SA28073",
"@source": "SECUNIA"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/4201",
"@id": "FrSIRT/ADV-2007-4201",
"@source": "FRSIRT"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/4202",
"@id": "FrSIRT/ADV-2007-4202",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cross-site scripting vulnerability in Apache HTTP Server \"mod_imap\" and \"mod_imagemap\""
}
jvndb-2007-000701
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java Buffer Overflow Vulnerabilities
Details
Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java may suffer from buffer overflow when a Java application handles GIF images with the image-processing APIs.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000701.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Cosminexus, Processing Kit for XML and Hitachi Developer\u0027s Kit for Java may suffer from buffer overflow when a Java application handles GIF images with the image-processing APIs.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000701.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_client",
"@product": "Cosminexus Client ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_collaboration",
"@product": "Cosminexus Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer",
"@product": "Cosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developers_kit_for_java",
"@product": "Cosminexus Developer\u0027s Kit for Java(TM)",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_erp_integrator",
"@product": "Cosminexus ERP Integrator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_opentp1",
"@product": "Cosminexus/OpenTP1",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server",
"@product": "Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_studio",
"@product": "Cosminexus Studio",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:groupmax_collaboration",
"@product": "Groupmax Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_developers_kit_for_java",
"@product": "Hitachi Developer\u0027s Kit for Java",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:processing_kit_for_xml",
"@product": "Processing Kit for XML",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_collaboration",
"@product": "uCosminexus Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_erp_integrator",
"@product": "uCosminexus ERP Integrator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_opentp1",
"@product": "uCosminexus/OpenTP1 ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000701",
"sec:references": [
{
"#text": "http://jvn.jp/cert/JVNTA07-022A/index.html",
"@id": "JVNTA07-022A",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/tr/TRTA07-022A/index.html",
"@id": "TRTA07-022A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3794",
"@id": "CVE-2007-3794",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3794",
"@id": "CVE-2007-3794",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA07-022A.html",
"@id": "SA07-022A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA07-022A.html",
"@id": "TA07-022A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/26025",
"@id": "SA26025",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/24905",
"@id": "24905",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/36022",
"@id": "36022",
"@source": "XF"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/2534",
"@id": "FrSIRT/ADV-2007-2534",
"@source": "FRSIRT"
}
],
"title": "Cosminexus, Processing Kit for XML and Hitachi Developer\u0027s Kit for Java Buffer Overflow Vulnerabilities"
}
jvndb-2024-002961
Vulnerability from jvndb
Published
2024-03-13 12:10
Modified
2024-03-13 12:10
Severity ?
Summary
Information Exposure Vulnerability in Cosminexus Component Container
Details
An information exposure vulnerability (CVE-2023-6814) exists in Cosminexus Component Container.
Affected products and versions are listed below. Please upgrade your version to the appropriate version.
These vulnerabilities exist in Cosminexus Component Container which is a component product of other Hitachi products.
For details about the fixed version about Cosminexus products, contact your Hitachi support service representative.
References
| ▼ | Type | URL |
|---|---|---|
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-6814 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-6814 | |
| Information Exposure Through Log Files(CWE-532) | https://cwe.mitre.org/data/definitions/532.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-002961.html",
"dc:date": "2024-03-13T12:10+09:00",
"dcterms:issued": "2024-03-13T12:10+09:00",
"dcterms:modified": "2024-03-13T12:10+09:00",
"description": "An information exposure vulnerability (CVE-2023-6814) exists in Cosminexus Component Container.\r\n\r\nAffected products and versions are listed below. Please upgrade your version to the appropriate version.\r\nThese vulnerabilities exist in Cosminexus Component Container which is a component product of other Hitachi products.\r\nFor details about the fixed version about Cosminexus products, contact your Hitachi support service representative.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-002961.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_component_container",
"@product": "Cosminexus Component Container",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_application_server64",
"@product": "uCosminexus Application Server(64)",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_application_server_r",
"@product": "uCosminexus Application Server-R",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"@product": "uCosminexus Application Server Enterprise",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"@product": "uCosminexus Application Server Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_standard-r",
"@product": "uCosminexus Application Server Standard-R",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_professional",
"@product": "uCosminexus Developer Professional",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_professional_for_plug-in",
"@product": "uCosminexus Developer Professional for Plug-in",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
"@product": "uCosminexus Developer Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_primary_server_base",
"@product": "uCosminexus Primary Server Base",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_primary_server_base64",
"@product": "uCosminexus Primary Server Base(64)",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_architect",
"@product": "uCosminexus Service Architect",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_platform",
"@product": "uCosminexus Service Platform",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_platform_64",
"@product": "uCosminexus Service Platform(64)",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.6",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-002961",
"sec:references": [
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-6814",
"@id": "CVE-2023-6814",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-6814",
"@id": "CVE-2023-6814",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/532.html",
"@id": "CWE-532",
"@title": "Information Exposure Through Log Files(CWE-532)"
}
],
"title": "Information Exposure Vulnerability in Cosminexus Component Container"
}
jvndb-2007-001133
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus Component Container Session Handling Vulnerability
Details
The session failover function in Cosminexus Component Container may fail to handle session information properly and allow one user's session data to be used as aonther user's session data.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001133.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "The session failover function in Cosminexus Component Container may fail to handle session information properly and allow one user\u0027s session data to be used as aonther user\u0027s session data.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001133.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_collaboration",
"@product": "Cosminexus Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_component_container",
"@product": "Cosminexus Component Container",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer",
"@product": "Cosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_erp_integrator",
"@product": "Cosminexus ERP Integrator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_opentp1",
"@product": "Cosminexus/OpenTP1",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:groupmax_collaboration",
"@product": "Groupmax Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_collaboration",
"@product": "uCosminexus Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_erp_integrator",
"@product": "uCosminexus ERP Integrator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_opentp1",
"@product": "uCosminexus/OpenTP1 ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.9",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-001133",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4124",
"@id": "CVE-2007-4124",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4124",
"@id": "CVE-2007-4124",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/26250",
"@id": "SA26250",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/25145",
"@id": "25145",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/35706",
"@id": "35706",
"@source": "XF"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/2725",
"@id": "FrSIRT/ADV-2007-2725",
"@source": "FRSIRT"
}
],
"title": "Cosminexus Component Container Session Handling Vulnerability"
}
jvndb-2016-008607
Vulnerability from jvndb
Published
2017-06-30 15:55
Modified
2019-07-25 14:14
Severity ?
Summary
Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
Details
A vulnerability (CVE-2016-8743) exists in Cosminexus HTTP Server and Hitachi Web Server.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-008607.html",
"dc:date": "2019-07-25T14:14+09:00",
"dcterms:issued": "2017-06-30T15:55+09:00",
"dcterms:modified": "2019-07-25T14:14+09:00",
"description": "A vulnerability (CVE-2016-8743) exists in Cosminexus HTTP Server and Hitachi Web Server.",
"link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-008607.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:http_server",
"@product": "Apache HTTP Server",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_http_server",
"@product": "Cosminexus HTTP Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_application_server",
"@product": "Hitachi Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_application_server_for_developers",
"@product": "Hitachi Application Server for Developers",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_web_server",
"@product": "Hitachi Web Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:it_operations_director",
"@product": "Hitachi IT Operations Director",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management",
"@product": "Job Management Partner 1/IT Desktop Management",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:job_management_partner_1%2Fit_desktop_management-manager",
"@product": "Job Management Partner 1/IT Desktop Management - Manager",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:job_management_partner_1_integrated_management",
"@product": "Job Management Partner 1/Integrated Management",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:job_management_partner_1_performance_management_web_console",
"@product": "Job Management Partner 1/Performance Management - Web Console",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:jp1%2fautomatic_operation",
"@product": "JP1/Automatic Operation",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:jp1%2Fit_desktop_management-manager",
"@product": "JP1/IT Desktop Management - Manager",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:jp1%2fperformance_management",
"@product": "JP1/Performance Management",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:jp1_automatic_job_management_system_3",
"@product": "JP1/Automatic Job Management System 3",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:jp1_integrated_management",
"@product": "JP1/Integrated Management",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:jp1_it_desktop_management",
"@product": "JP1/IT Desktop Management",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:jp1_operation_analytics",
"@product": "JP1/Operations Analytics",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:jp1_service_support",
"@product": "JP1/Service Support",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
"@product": "uCosminexus Application Server Enterprise",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
"@product": "uCosminexus Application Server Smart Edition",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
"@product": "uCosminexus Application Server Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_light",
"@product": "uCosminexus Developer Light",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
"@product": "uCosminexus Developer Standard",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_primary_server",
"@product": "uCosminexus Primary Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_architect",
"@product": "uCosminexus Service Architect",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service_platform",
"@product": "uCosminexus Service Platform",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": [
{
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
{
"@score": "4.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2016-008607",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8743",
"@id": "CVE-2016-8743",
"@source": "CVE"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4975",
"@id": "CVE-2016-4975",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-8743",
"@id": "CVE-2016-8743",
"@source": "NVD"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975",
"@id": "CVE-2016-4975",
"@source": "NVD"
},
{
"#text": "https://cwe.mitre.org/data/definitions/19.html",
"@id": "CWE-19",
"@title": "Data Handling(CWE-19)"
}
],
"title": "Vulnerability in Cosminexus HTTP Server and Hitachi Web Server"
}
jvndb-2009-001544
Vulnerability from jvndb
Published
2009-07-07 11:12
Modified
2009-07-07 11:12
Summary
Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java Possible Unauthorized Access through Vulnerability in Encoding Process
Details
Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java have a vulnerability where UTF-8 output is not properly judged due to deficiency in encoding processing, which may lead to unauthorized access.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001544.html",
"dc:date": "2009-07-07T11:12+09:00",
"dcterms:issued": "2009-07-07T11:12+09:00",
"dcterms:modified": "2009-07-07T11:12+09:00",
"description": "Cosminexus Processing Kit for XML and Hitachi Developer\u0027s Kit for Java have a vulnerability where UTF-8 output is not properly judged due to deficiency in encoding processing, which may lead to unauthorized access.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001544.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_client",
"@product": "Cosminexus Client ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer",
"@product": "Cosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_opentp1",
"@product": "Cosminexus/OpenTP1",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server",
"@product": "Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_studio",
"@product": "Cosminexus Studio",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:groupmax_collaboration",
"@product": "Groupmax Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_developers_kit_for_java",
"@product": "Hitachi Developer\u0027s Kit for Java",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:processing_kit_for_xml",
"@product": "Processing Kit for XML",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_collaboration",
"@product": "uCosminexus Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_opentp1",
"@product": "uCosminexus/OpenTP1 ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "10.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-001544",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
},
"title": "Cosminexus Processing Kit for XML and Hitachi Developer\u0027s Kit for Java Possible Unauthorized Access through Vulnerability in Encoding Process"
}
jvndb-2007-000700
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus javadoc Cross-Site Scripting Vulnerability
Details
The javadoc command of Cosminexus may generate an HTML file that contains cross-site scripting vulnerabilities.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000700.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "The javadoc command of Cosminexus may generate an HTML file that contains cross-site scripting vulnerabilities.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000700.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_developers_kit_for_java",
"@product": "Cosminexus Developer\u0027s Kit for Java(TM)",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_erp_integrator",
"@product": "uCosminexus ERP Integrator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000700",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4760",
"@id": "CVE-2007-4760",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4760",
"@id": "CVE-2007-4760",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/26671",
"@id": "SA26671",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/25518",
"@id": "25518",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/36393",
"@id": "36393",
"@source": "XF"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/3033",
"@id": "FrSIRT/ADV-2007-3033",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cosminexus javadoc Cross-Site Scripting Vulnerability"
}
jvndb-2007-001022
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2009-11-16 11:52
Summary
Apache UTF-7 Encoding Cross-Site Scripting Vulnerability
Details
The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html",
"dc:date": "2009-11-16T11:52+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2009-11-16T11:52+09:00",
"description": "The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html",
"sec:cpe": [
{
"#text": "cpe:/a:apache:http_server",
"@product": "Apache HTTP Server",
"@vendor": "Apache Software Foundation",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
"@product": "Interstage Application Framework Suite",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_application_server",
"@product": "Interstage Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_apworks",
"@product": "Interstage Apworks",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_business_application_server",
"@product": "Interstage Business Application Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_job_workload_server",
"@product": "Interstage Job Workload Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_studio",
"@product": "Interstage Studio",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:interstage_web_server",
"@product": "Interstage Web Server",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator",
"@product": "Systemwalker Resource Coordinator",
"@vendor": "FUJITSU",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_web_server",
"@product": "Hitachi Web Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:hp:hp-ux",
"@product": "HP-UX",
"@vendor": "Hewlett-Packard Development Company,L.P",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:enterprise_linux_desktop",
"@product": "Red Hat Enterprise Linux Desktop",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:linux_advanced_workstation",
"@product": "Red Hat Linux Advanced Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:redhat:rhel_desktop_workstation",
"@product": "RHEL Desktop Workstation",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_appliance_server",
"@product": "Turbolinux Appliance Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_fuji",
"@product": "Turbolinux FUJI",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_multimedia",
"@product": "Turbolinux Multimedia",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_personal",
"@product": "Turbolinux Personal",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:turbolinux:turbolinux_server",
"@product": "Turbolinux Server",
"@vendor": "Turbolinux, Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-001022",
"sec:references": [
{
"#text": "http://jvn.jp/en/tr/TRTA08-150A/index.html",
"@id": "TRTA08-150A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465",
"@id": "CVE-2007-4465",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465",
"@id": "CVE-2007-4465",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html",
"@id": "SA08-150A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html",
"@id": "TA08-150A",
"@source": "CERT-TA"
},
{
"#text": "http://www.securityfocus.com/bid/25653",
"@id": "25653",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/36586",
"@id": "36586",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1019194",
"@id": "1019194",
"@source": "SECTRACK"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Apache UTF-7 Encoding Cross-Site Scripting Vulnerability"
}