All the vulnerabilites related to Hitachi, Ltd - uCosminexus Operator
jvndb-2007-000710
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus Denial of Service Vulnerability
Details
JSSE (Java Secure Socket Extension) in Cosminexua Developer's Kit for Java may fall into a denial of service condition when it handles an improper SSL/TLS handshake request. An attacker could exploit this vulnerability and cause a denial of service on the systems that establish an SSL/TLS connection using JSSE API.
References
| Type | URL |
|---|---|
| CVE | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5281 |
| NVD | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5281 |
| SECUNIA | http://secunia.com/advisories/27075 |
| BID | http://www.securityfocus.com/bid/25935 |
| XF | http://xforce.iss.net/xforce/xfdb/36965 |
| FRSIRT | http://www.frsirt.com/english/advisories/2007/3375 |
| No Mapping(CWE-DesignError) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000710.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "JSSE (Java Secure Socket Extension) in Cosminexua Developer\u0027s Kit for Java may fall into a denial of service condition when it handles an improper SSL/TLS handshake request. An attacker could exploit this vulnerability and cause a denial of service on the systems that establish an SSL/TLS connection using JSSE API.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000710.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_developers_kit_for_java",
"@product": "Cosminexus Developer\u0027s Kit for Java(TM)",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "5.0",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000710",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5281",
"@id": "CVE-2007-5281",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5281",
"@id": "CVE-2007-5281",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/27075",
"@id": "SA27075",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/25935",
"@id": "25935",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/36965",
"@id": "36965",
"@source": "XF"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/3375",
"@id": "FrSIRT/ADV-2007-3375",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-DesignError",
"@title": "No Mapping(CWE-DesignError)"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cosminexus Denial of Service Vulnerability"
}
jvndb-2009-001544
Vulnerability from jvndb
Published
2009-07-07 11:12
Modified
2009-07-07 11:12
Summary
Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java Possible Unauthorized Access through Vulnerability in Encoding Process
Details
Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java have a vulnerability where UTF-8 output is not properly judged due to deficiency in encoding processing, which may lead to unauthorized access.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001544.html",
"dc:date": "2009-07-07T11:12+09:00",
"dcterms:issued": "2009-07-07T11:12+09:00",
"dcterms:modified": "2009-07-07T11:12+09:00",
"description": "Cosminexus Processing Kit for XML and Hitachi Developer\u0027s Kit for Java have a vulnerability where UTF-8 output is not properly judged due to deficiency in encoding processing, which may lead to unauthorized access.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001544.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_client",
"@product": "Cosminexus Client ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer",
"@product": "Cosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_opentp1",
"@product": "Cosminexus/OpenTP1",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server",
"@product": "Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_studio",
"@product": "Cosminexus Studio",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:groupmax_collaboration",
"@product": "Groupmax Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_developers_kit_for_java",
"@product": "Hitachi Developer\u0027s Kit for Java",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:processing_kit_for_xml",
"@product": "Processing Kit for XML",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_collaboration",
"@product": "uCosminexus Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_opentp1",
"@product": "uCosminexus/OpenTP1 ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "10.0",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-001544",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-noinfo",
"@title": "No Mapping(CWE-noinfo)"
},
"title": "Cosminexus Processing Kit for XML and Hitachi Developer\u0027s Kit for Java Possible Unauthorized Access through Vulnerability in Encoding Process"
}
jvndb-2007-000700
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus javadoc Cross-Site Scripting Vulnerability
Details
The javadoc command of Cosminexus may generate an HTML file that contains cross-site scripting vulnerabilities.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000700.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "The javadoc command of Cosminexus may generate an HTML file that contains cross-site scripting vulnerabilities.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000700.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_developers_kit_for_java",
"@product": "Cosminexus Developer\u0027s Kit for Java(TM)",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_erp_integrator",
"@product": "uCosminexus ERP Integrator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000700",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4760",
"@id": "CVE-2007-4760",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4760",
"@id": "CVE-2007-4760",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/26671",
"@id": "SA26671",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/25518",
"@id": "25518",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/36393",
"@id": "36393",
"@source": "XF"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/3033",
"@id": "FrSIRT/ADV-2007-3033",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cosminexus javadoc Cross-Site Scripting Vulnerability"
}
jvndb-2009-002475
Vulnerability from jvndb
Published
2010-02-09 14:03
Modified
2010-02-09 14:03
Summary
Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java
Details
Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java have a buffer overflow vulnerability when processing image files in Java applications.
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002475.html",
"dc:date": "2010-02-09T14:03+09:00",
"dcterms:issued": "2010-02-09T14:03+09:00",
"dcterms:modified": "2010-02-09T14:03+09:00",
"description": "Cosminexus, Processing Kit for XML and Hitachi Developer\u0027s Kit for Java have a buffer overflow vulnerability when processing image files in Java applications.",
"link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002475.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_client",
"@product": "Cosminexus Client ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer",
"@product": "Cosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_opentp1",
"@product": "Cosminexus/OpenTP1",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server",
"@product": "Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_studio",
"@product": "Cosminexus Studio",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:groupmax_collaboration",
"@product": "Groupmax Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_developers_kit_for_java",
"@product": "Hitachi Developer\u0027s Kit for Java",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:processing_kit_for_xml",
"@product": "Processing Kit for XML",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_collaboration",
"@product": "uCosminexus Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_navigation",
"@product": "uCosminexus Navigation",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_opentp1",
"@product": "uCosminexus/OpenTP1 ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2009-002475",
"sec:references": {
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
},
"title": "Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML and Hitachi Developer\u0027s Kit for Java"
}
jvndb-2007-000701
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java Buffer Overflow Vulnerabilities
Details
Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java may suffer from buffer overflow when a Java application handles GIF images with the image-processing APIs.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000701.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "Cosminexus, Processing Kit for XML and Hitachi Developer\u0027s Kit for Java may suffer from buffer overflow when a Java application handles GIF images with the image-processing APIs.",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000701.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_client",
"@product": "Cosminexus Client ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_collaboration",
"@product": "Cosminexus Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer",
"@product": "Cosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developers_kit_for_java",
"@product": "Cosminexus Developer\u0027s Kit for Java(TM)",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_erp_integrator",
"@product": "Cosminexus ERP Integrator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_opentp1",
"@product": "Cosminexus/OpenTP1",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server",
"@product": "Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_studio",
"@product": "Cosminexus Studio",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:groupmax_collaboration",
"@product": "Groupmax Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_developers_kit_for_java",
"@product": "Hitachi Developer\u0027s Kit for Java",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:processing_kit_for_xml",
"@product": "Processing Kit for XML",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_collaboration",
"@product": "uCosminexus Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_erp_integrator",
"@product": "uCosminexus ERP Integrator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_opentp1",
"@product": "uCosminexus/OpenTP1 ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000701",
"sec:references": [
{
"#text": "http://jvn.jp/cert/JVNTA07-022A/index.html",
"@id": "JVNTA07-022A",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/tr/TRTA07-022A/index.html",
"@id": "TRTA07-022A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3794",
"@id": "CVE-2007-3794",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3794",
"@id": "CVE-2007-3794",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/cas/alerts/SA07-022A.html",
"@id": "SA07-022A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA07-022A.html",
"@id": "TA07-022A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/26025",
"@id": "SA26025",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/24905",
"@id": "24905",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/36022",
"@id": "36022",
"@source": "XF"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/2534",
"@id": "FrSIRT/ADV-2007-2534",
"@source": "FRSIRT"
}
],
"title": "Cosminexus, Processing Kit for XML and Hitachi Developer\u0027s Kit for Java Buffer Overflow Vulnerabilities"
}
jvndb-2008-000016
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-10-09 13:35
Summary
Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
Details
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations.
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000016.html",
"dc:date": "2008-10-09T13:35+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-10-09T13:35+09:00",
"description": "The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations.\r\n\r\nThe Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.",
"link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000016.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:enterprise_linux",
"@product": "Red Hat Enterprise Linux Extras",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_desktop_supplementary",
"@product": "RHEL Desktop Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:redhat:rhel_supplementary",
"@product": "RHEL Supplementary",
"@vendor": "Red Hat, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:jdk",
"@product": "JDK",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:jre",
"@product": "JRE",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:sun:sdk",
"@product": "SDK",
"@vendor": "Sun Microsystems, Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x",
"@product": "Apple Mac OS X",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:apple:mac_os_x_server",
"@product": "Apple Mac OS X Server",
"@vendor": "Apple Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/o:misc:miraclelinux_asianux_server",
"@product": "Asianux Server",
"@vendor": "Cybertrust Japan Co., Ltd.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "6.8",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2008-000016",
"sec:references": [
{
"#text": "http://jvn.jp/cert/JVNTA08-066A/index.html",
"@id": "JVNTA08-066A",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/en/jp/JVN04032535/index.html",
"@id": "JVN#04032535",
"@source": "JVN"
},
{
"#text": "http://jvn.jp/tr/TRTA08-066A/index.html",
"@id": "TRTA08-066A",
"@source": "JVNTR"
},
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187",
"@id": "CVE-2008-1187",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1187",
"@id": "CVE-2008-1187",
"@source": "NVD"
},
{
"#text": "http://www.ipa.go.jp/security/english/vuln/200803_JRE_press_en.html",
"@id": "Security Alert for Vulnerability In Sun JRE (Java Runtime Environment) XSLT Transformations",
"@source": "IPA SECURITY ALERTS"
},
{
"#text": "https://www.us-cert.gov/cas/alerts/SA08-066A.html",
"@id": "SA08-066A",
"@source": "CERT-SA"
},
{
"#text": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html",
"@id": "TA08-066A",
"@source": "CERT-TA"
},
{
"#text": "http://secunia.com/advisories/29273",
"@id": "SA29273",
"@source": "SECUNIA"
},
{
"#text": "http://www.securityfocus.com/bid/28083",
"@id": "28083",
"@source": "BID"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/41025",
"@id": "41025",
"@source": "XF"
},
{
"#text": "http://www.securitytracker.com/id?1019548",
"@id": "1019548",
"@source": "SECTRACK"
},
{
"#text": "http://www.frsirt.com/english/advisories/2008/0770",
"@id": "FrSIRT/ADV-2008-0770",
"@source": "FRSIRT"
},
{
"#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html",
"@id": "JVNDB-2008-000016",
"@source": "JVNDB_Ja"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-264",
"@title": "Permissions(CWE-264)"
}
],
"title": "Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations"
}
jvndb-2007-000702
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus Developer's Kit for Java Buffer Overflow and Denial of Service Vulnerabilities
Details
The image-processing APIs in Cosminexus Developer's Kit for Java is vulnerable to buffer overflow and a Denial od Service (DoS).
References
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000702.html",
"dc:date": "2008-05-21T00:00+09:00",
"dcterms:issued": "2008-05-21T00:00+09:00",
"dcterms:modified": "2008-05-21T00:00+09:00",
"description": "The image-processing APIs in Cosminexus Developer\u0027s Kit for Java is vulnerable to buffer overflow and a Denial od Service (DoS).",
"link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000702.html",
"sec:cpe": [
{
"#text": "cpe:/a:hitachi:cosminexus_application_server",
"@product": "Cosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_client",
"@product": "Cosminexus Client ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_collaboration",
"@product": "Cosminexus Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developer",
"@product": "Cosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_developers_kit_for_java",
"@product": "Cosminexus Developer\u0027s Kit for Java(TM)",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_erp_integrator",
"@product": "Cosminexus ERP Integrator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_opentp1",
"@product": "Cosminexus/OpenTP1",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_server",
"@product": "Cosminexus Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:cosminexus_studio",
"@product": "Cosminexus Studio",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:electronic_form_workflow",
"@product": "Electronic Form Workflow",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:groupmax_collaboration",
"@product": "Groupmax Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:hitachi_developers_kit_for_java",
"@product": "Hitachi Developer\u0027s Kit for Java",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:processing_kit_for_xml",
"@product": "Processing Kit for XML",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_application_server",
"@product": "uCosminexus Application Server",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_client",
"@product": "uCosminexus Client",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_collaboration",
"@product": "uCosminexus Collaboration",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_developer",
"@product": "uCosminexus Developer",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_erp_integrator",
"@product": "uCosminexus ERP Integrator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_opentp1",
"@product": "uCosminexus/OpenTP1 ",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_operator",
"@product": "uCosminexus Operator",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
{
"#text": "cpe:/a:hitachi:ucosminexus_service",
"@product": "uCosminexus Service",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "7.5",
"@severity": "High",
"@type": "Base",
"@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2007-000702",
"sec:references": [
{
"#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4758",
"@id": "CVE-2007-4758",
"@source": "CVE"
},
{
"#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4758",
"@id": "CVE-2007-4758",
"@source": "NVD"
},
{
"#text": "http://secunia.com/advisories/26538",
"@id": "SA26538",
"@source": "SECUNIA"
},
{
"#text": "http://xforce.iss.net/xforce/xfdb/36618",
"@id": "36618",
"@source": "XF"
},
{
"#text": "http://www.frsirt.com/english/advisories/2007/3034",
"@id": "FrSIRT/ADV-2007-3034",
"@source": "FRSIRT"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-119",
"@title": "Buffer Errors(CWE-119)"
}
],
"title": "Cosminexus Developer\u0027s Kit for Java Buffer Overflow and Denial of Service Vulnerabilities"
}