cvelistv5 - CVE-2007-0514

CVE-2007-0514 (GCVE-0-2007-0514)

Vulnerability from cvelistv5 – Published: 2007-01-26 00:00 – Updated: 2024-08-07 12:19

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

GSD-2007-0514

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2007-0514

Aliases

CVE-2007-0514

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0514",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.",
    "id": "GSD-2007-0514"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0514"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.",
      "id": "GSD-2007-0514",
      "modified": "2023-12-13T01:21:35.142415Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0514",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "32998",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/32998"
          },
          {
            "name": "23843",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23843"
          },
          {
            "name": "ADV-2007-0326",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0326"
          },
          {
            "name": "32997",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/32997"
          },
          {
            "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html",
            "refsource": "CONFIRM",
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer_light:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_version_5:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:*:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_version_5:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_web_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_light_version_6:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:hitachi_web_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0514"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
            },
            {
              "name": "23843",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23843"
            },
            {
              "name": "32997",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/32997"
            },
            {
              "name": "32998",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/32998"
            },
            {
              "name": "ADV-2007-0326",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0326"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-03-08T02:49Z",
      "publishedDate": "2007-01-26T00:28Z"
    }
  }
}

GHSA-6V33-6R6Q-36X7

Vulnerability from github – Published: 2022-05-01 17:45 – Updated: 2022-05-01 17:45

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0514"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-01-26T00:28:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.",
  "id": "GHSA-6v33-6r6q-36x7",
  "modified": "2022-05-01T17:45:00Z",
  "published": "2022-05-01T17:45:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0514"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/32997"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/32998"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23843"
    },
    {
      "type": "WEB",
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0326"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

JVNDB-2006-000992

Vulnerability from jvndb - Published: 2009-02-04 17:42 - Updated:2014-05-22 18:03

Severity ?

() - -

Summary

Multiple Vulnerabilities Concerning Hitachi Web Server

Details

Hitachi Web Server has vulnerabilities listed below: 1. A vulnerability that allows to roll back the Open SSL version when using the SSL. 2. Cross-site scripting vulnerability in contents created automatically by the Hitachi Web Server. 3. Cross-site scripting vulnerability due to inadequate processing of the Expect header.

References

Type

URL

	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0514
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2969
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3352
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3918
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0514
	JVNDB_Ja	http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000992.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-noinfo)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

	Hitachi, Ltd	Cosminexus Application Server Enterprise
	Hitachi, Ltd	Cosminexus Application Server Standard
	Hitachi, Ltd	Cosminexus Application Server Version 5
	Hitachi, Ltd	Cosminexus Developer Light Version 6
	Hitachi, Ltd	Cosminexus Developer Professional Version 6
	Hitachi, Ltd	Cosminexus Developer Standard Version 6
	Hitachi, Ltd	Cosminexus Developer Version 5
	Hitachi, Ltd	Cosminexus Server - Enterprise Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition Version 4
	Hitachi, Ltd	Cosminexus Server - Web Edition
	Hitachi, Ltd	Cosminexus Server - Web Edition Version 4
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Smart Edition
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Light
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000992.html",
  "dc:date": "2014-05-22T18:03+09:00",
  "dcterms:issued": "2009-02-04T17:42+09:00",
  "dcterms:modified": "2014-05-22T18:03+09:00",
  "description": "Hitachi Web Server has vulnerabilities listed below:\r\n\r\n1. A vulnerability that allows to roll back the Open SSL version when using the SSL.\r\n\r\n2. Cross-site scripting vulnerability in contents created automatically by the Hitachi Web Server.\r\n\r\n3. Cross-site scripting vulnerability due to inadequate processing of the Expect header.",
  "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000992.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
      "@product": "Cosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
      "@product": "Cosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
      "@product": "Cosminexus Application Server Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
      "@product": "Cosminexus Developer Light Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
      "@product": "Cosminexus Developer Professional Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
      "@product": "Cosminexus Developer Standard Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
      "@product": "Cosminexus Developer Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
      "@product": "Cosminexus Server - Enterprise Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
      "@product": "Cosminexus Server - Standard Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
      "@product": "Cosminexus Server - Standard Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
      "@product": "Cosminexus Server - Web Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
      "@product": "Cosminexus Server - Web Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
      "@product": "uCosminexus Application Server Smart Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2006-000992",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969",
      "@id": "CVE-2005-2969",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352",
      "@id": "CVE-2005-3352",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918",
      "@id": "CVE-2006-3918",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0514",
      "@id": "CVE-2007-0514",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2969",
      "@id": "CVE-2005-2969",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3352",
      "@id": "CVE-2005-3352",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3918",
      "@id": "CVE-2006-3918",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0514",
      "@id": "CVE-2007-0514",
      "@source": "NVD"
    },
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000992.html",
      "@id": "JVNDB-2006-000992",
      "@source": "JVNDB_Ja"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-noinfo",
      "@title": "No Mapping(CWE-noinfo)"
    }
  ],
  "title": "Multiple Vulnerabilities Concerning Hitachi Web Server"
}

VAR-200701-0392

Vulnerability from variot - Updated: 2023-12-18 11:28

Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps. Hitachi Web Server has vulnerabilities listed below: 1. A vulnerability that allows to roll back the Open SSL version when using the SSL. 2. 3. Cross-site scripting vulnerability due to inadequate processing of the Expect header.1. When using the SSL, there is the possibility an attacker could deceptively alter the protocol, forcing the use of SSL version 2. 2. and 3. An attacker could insert malicious script. ** Delete ** This case CVE-2005-2969 , CVE-2005-3352 , CVE-2006-3918 Contents of ( Both are Hitachi vendor information HS06-022) And was removed because it was found to be a duplicate. CVE-2005-2969 , CVE-2005-3352 , CVE-2006-3918 Please refer to. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user or to bypass certain security restrictions. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Secunia is proud to announce the availability of the Secunia Software Inspector.

The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.

1) Input passed to certain parameters in various files in Hitachi Web Server is not properly sanitised before being returned to the user.

2) Input passed via the "Expect" header in Hitachi Web Server is not properly sanitised before being returned to the user.

3) An error in the way Hitachi Web Server handles SSL 3.0 or TLS 1.0 protocols can be exploited by attackers to replace the connection with a connection using SSL 2.0 protocol.

See the vendor advisory for a matrix of affected versions.

SOLUTION: Updates are available for some versions (please see vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200701-0392",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cosminexus server - web edition",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server - web edition version 4",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "web server",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer light",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "web server",
        "scope": "ne",
        "trust": 1.2,
        "vendor": "hitachi",
        "version": "03-00-01"
      },
      {
        "model": "web server 02-04-/b",
        "scope": "ne",
        "trust": 1.2,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus application server version 5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus server - standard edition version 4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "cosminexus server - web edition",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus application server standard",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus developer version 5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus service architect",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus server - enterprise edition",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus developer light",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus server - web edition version 4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus server - standard edition",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "cosminexus application server version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server - enterprise edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server - standard edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server - standard edition version 4",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- custom edition"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- security enhancement"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "for vos3"
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "cosminexus application server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus application server version 5",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus developer version 5",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus server - enterprise edition",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus server - standard edition",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus server - standard edition version 4",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus server - web edition",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus server - web edition version 4",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "web server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "ucosminexus application server standard",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "ucosminexus developer light",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "ucosminexus service architect",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus service architect",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus developer light",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus application server standard",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "cosminexus server enterprise edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "-0"
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "enterprise"
      },
      {
        "model": "web server for vos3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "web server security enhancement",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "-0"
      },
      {
        "model": "web server custom edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "-0"
      },
      {
        "model": "ucosminexus developer professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus application server enterprise )",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "09-80"
      },
      {
        "model": "cosminexus server web edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "4"
      },
      {
        "model": "cosminexus server web edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "cosminexus server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "4"
      },
      {
        "model": "cosminexus server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "cosminexus developer standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "cosminexus developer professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "cosminexus developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "5"
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "cosminexus application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "5.0"
      },
      {
        "model": "web server 02-06-/a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "web server 02-04-/a (windows ip",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server enterpris enterprise",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server web edition version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "-40"
      },
      {
        "model": "cosminexus server web edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "-0"
      },
      {
        "model": "cosminexus server standard edition version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "-40"
      },
      {
        "model": "cosminexus server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "-0"
      },
      {
        "model": "cosminexus developer version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "50"
      },
      {
        "model": "cosminexus developer standard version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "60"
      },
      {
        "model": "cosminexus developer professional version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "60"
      },
      {
        "model": "cosminexus developer light version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "60"
      },
      {
        "model": "cosminexus application server version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "50"
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "22234"
      },
      {
        "db": "BID",
        "id": "81987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer_light:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_version_5:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:*:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_version_5:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_web_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_light_version_6:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:hitachi_web_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor disclosed these issues.",
    "sources": [
      {
        "db": "BID",
        "id": "22234"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-0514",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2006-000992",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-0514",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2006-000992",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200701-449",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps. Hitachi Web Server has vulnerabilities listed below: 1. A vulnerability that allows to roll back the Open SSL version when using the SSL. 2. 3. Cross-site scripting vulnerability due to inadequate processing of the Expect header.1. When using the SSL, there is the possibility an attacker could deceptively alter the protocol, forcing the use of SSL version 2. 2. and 3. An attacker could insert malicious script. ** Delete ** This case CVE-2005-2969 , CVE-2005-3352 , CVE-2006-3918 Contents of ( Both are Hitachi vendor information HS06-022) And was removed because it was found to be a duplicate. CVE-2005-2969 , CVE-2005-3352 , CVE-2006-3918 Please refer to. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user or to bypass certain security restrictions. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\n1) Input passed to certain parameters in various files in Hitachi Web\nServer is not properly sanitised before being returned to the user. \n\n2) Input passed via the \"Expect\" header in Hitachi Web Server is not\nproperly sanitised before being returned to the user. \n\n3) An error in the way Hitachi Web Server handles SSL 3.0 or TLS 1.0\nprotocols can be exploited by attackers to replace the connection\nwith a connection using SSL 2.0 protocol. \n\nSee the vendor advisory for a matrix of affected versions. \n\nSOLUTION:\nUpdates are available for some versions (please see vendor\u0027s advisory\nfor details). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      },
      {
        "db": "BID",
        "id": "22234"
      },
      {
        "db": "BID",
        "id": "81987"
      },
      {
        "db": "PACKETSTORM",
        "id": "53943"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-0514",
        "trust": 3.5
      },
      {
        "db": "HITACHI",
        "id": "HS06-022",
        "trust": 2.3
      },
      {
        "db": "SECUNIA",
        "id": "23843",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "32998",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "32997",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0326",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003272",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-449",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "22234",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "81987",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "53943",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "22234"
      },
      {
        "db": "BID",
        "id": "81987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      },
      {
        "db": "PACKETSTORM",
        "id": "53943"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ]
  },
  "id": "VAR-200701-0392",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.316269845
  },
  "last_update_date": "2023-12-18T11:28:08.862000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HS06-022",
        "trust": 1.6,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs06-022/index.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-79",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-noinfo",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.hitachi-support.com/security_e/vuls_e/hs06-022_e/01-e.html"
      },
      {
        "trust": 1.6,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0514"
      },
      {
        "trust": 1.6,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0514"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/32997"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/32998"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23843"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0326"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2969"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3352"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3918"
      },
      {
        "trust": 0.8,
        "url": "http://jvndb.jvn.jp/ja/contents/2006/jvndb-2006-000992.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3918"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-2969"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3352"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/0326"
      },
      {
        "trust": 0.3,
        "url": "http://www.hitachi.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13338/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/23843/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13335/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13337/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13333/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13336/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13334/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "22234"
      },
      {
        "db": "BID",
        "id": "81987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      },
      {
        "db": "PACKETSTORM",
        "id": "53943"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22234"
      },
      {
        "db": "BID",
        "id": "81987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      },
      {
        "db": "PACKETSTORM",
        "id": "53943"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-01-25T00:00:00",
        "db": "BID",
        "id": "22234"
      },
      {
        "date": "2007-01-25T00:00:00",
        "db": "BID",
        "id": "81987"
      },
      {
        "date": "2009-02-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      },
      {
        "date": "2007-01-27T01:46:45",
        "db": "PACKETSTORM",
        "id": "53943"
      },
      {
        "date": "2007-01-26T00:28:00",
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "date": "2007-01-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-12-18T14:11:00",
        "db": "BID",
        "id": "22234"
      },
      {
        "date": "2007-01-25T00:00:00",
        "db": "BID",
        "id": "81987"
      },
      {
        "date": "2014-05-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      },
      {
        "date": "2011-03-08T02:49:59.453000",
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "date": "2007-01-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "22234"
      },
      {
        "db": "BID",
        "id": "81987"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple Vulnerabilities Concerning Hitachi Web Server",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "53943"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ],
    "trust": 0.7
  }
}

FKIE_CVE-2007-0514

Vulnerability from fkie_nvd - Published: 2007-01-26 00:28 - Updated: 2025-04-09 00:30

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/32997
cve@mitre.org	http://osvdb.org/32998
cve@mitre.org	http://secunia.com/advisories/23843
cve@mitre.org	http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0326
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/32997
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/32998
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/23843
af854a3a-2127-422b-91ae-364da2661108	http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2007/0326

Impacted products

Vendor	Product	Version
hitachi	cosminexus_application_server	*
hitachi	cosminexus_application_server	6
hitachi	cosminexus_application_server_version_5	*
hitachi	cosminexus_developer_light_version_6	*
hitachi	cosminexus_developer_professional_version_6	*
hitachi	cosminexus_developer_standard_version_6	*
hitachi	cosminexus_developer_version_5	*
hitachi	cosminexus_server_-_enterprise_edition	*
hitachi	cosminexus_server_-_standard_edition	*
hitachi	cosminexus_server_-_standard_edition_version_4	*
hitachi	cosminexus_server_-_web_edition	*
hitachi	cosminexus_server_-_web_edition_version_4	*
hitachi	hitachi_web_server	*
hitachi	ucosminexus_application_server_enterprise	*
hitachi	ucosminexus_application_server_smart_edition	*
hitachi	ucosminexus_application_server_standard	*
hitachi	ucosminexus_developer_light	*
hitachi	ucosminexus_developer_standard	*
hitachi	ucosminexus_service_architect	*
hitachi	ucosminexus_service_platform	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72EB5501-8682-47C6-A09B-64D628C319CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "336AC0E8-01DB-4D75-8F9F-E1673BE7883A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_application_server_version_5:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F49A94B-6343-4A24-8E8D-461192CD643A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_developer_light_version_6:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CB9CE4D-B179-488A-881B-EDDE858DF8C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19698339-17FB-443A-A3A8-E6E364F6E892",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED7AB561-DC97-4ACB-8810-B8020F28B769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_developer_version_5:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5976B0CF-D923-4D74-A599-028E20D14AF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6DBFEFD-4667-4487-B009-F5133260D6A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B3B8F3B-156B-44B0-97EF-F2DF622D8398",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CC5DA2A-6880-491A-A2FD-327CF952E977",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_server_-_web_edition:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "394A48A2-C95B-4B1F-A571-77FFD1DA9F0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BC015FD-6D1D-4A6C-A480-326614BEB5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:hitachi_web_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3721DE3-39EC-4C4A-B575-9F5CF2D21BE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:*:*:enterprise:*:*:*:*:*",
              "matchCriteriaId": "0B00BB4D-1C8A-4CFE-9EA4-5CBE055276DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "980D0920-2D78-4EAF-8C99-C9928708C825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "88B1B8FF-8362-471C-85DB-01D675764DF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_developer_light:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7148FC73-6087-4F89-8832-7888D3502E85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C937879-7AC4-4B36-BC3A-3C9B620A17F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "354BD4CE-7B1A-4442-9F87-08CD70D9499E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "72E63548-3AB3-4B78-AA2D-5B2AC7E06DD7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Hitachi Web Server, uCosminexus, y productos Cosminexus anteriores al 24/01/2007 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante (1) cabeceras HTTP Expect o (2) im\u00e1genes de mapas."
    }
  ],
  "id": "CVE-2007-0514",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-01-26T00:28:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/32997"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://osvdb.org/32998"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/23843"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2007/0326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/32997"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/32998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/23843"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/0326"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2007-0514 (GCVE-0-2007-0514)

GSD-2007-0514

GHSA-6V33-6R6Q-36X7

JVNDB-2006-000992

VAR-200701-0392

FKIE_CVE-2007-0514

Tags

Sightings

Nomenclature