cvelistv5 - CVE-2007-0514

CVE-2007-0514

Vulnerability from cvelistv5

Published

2007-01-26 00:00

Modified

2024-08-07 12:19

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://osvdb.org/32997
cve@mitre.org	http://osvdb.org/32998
cve@mitre.org	http://secunia.com/advisories/23843
cve@mitre.org	http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html	Patch, Vendor Advisory
cve@mitre.org	http://www.vupen.com/english/advisories/2007/0326

Impacted products

▼	Vendor	Product
	n/a	n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T12:19:30.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32998",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/32998"
          },
          {
            "name": "23843",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23843"
          },
          {
            "name": "ADV-2007-0326",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/0326"
          },
          {
            "name": "32997",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/32997"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-01-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2007-02-01T10:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "32998",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/32998"
        },
        {
          "name": "23843",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23843"
        },
        {
          "name": "ADV-2007-0326",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/0326"
        },
        {
          "name": "32997",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/32997"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0514",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32998",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/32998"
            },
            {
              "name": "23843",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/23843"
            },
            {
              "name": "ADV-2007-0326",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/0326"
            },
            {
              "name": "32997",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/32997"
            },
            {
              "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html",
              "refsource": "CONFIRM",
              "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2007-0514",
    "datePublished": "2007-01-26T00:00:00",
    "dateReserved": "2007-01-25T00:00:00",
    "dateUpdated": "2024-08-07T12:19:30.531Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2007-0514\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2007-01-26T00:28:00.000\",\"lastModified\":\"2011-03-08T02:49:59.453\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Hitachi Web Server, uCosminexus, y productos Cosminexus anteriores al 24/01/2007 permiten a atacantes remotos inyectar secuencias de comandos web o HTML de su elecci\u00f3n mediante (1) cabeceras HTTP Expect o (2) im\u00e1genes de mapas.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72EB5501-8682-47C6-A09B-64D628C319CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"336AC0E8-01DB-4D75-8F9F-E1673BE7883A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_application_server_version_5:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5F49A94B-6343-4A24-8E8D-461192CD643A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_developer_light_version_6:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CB9CE4D-B179-488A-881B-EDDE858DF8C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"19698339-17FB-443A-A3A8-E6E364F6E892\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED7AB561-DC97-4ACB-8810-B8020F28B769\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_developer_version_5:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5976B0CF-D923-4D74-A599-028E20D14AF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6DBFEFD-4667-4487-B009-F5133260D6A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7B3B8F3B-156B-44B0-97EF-F2DF622D8398\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7CC5DA2A-6880-491A-A2FD-327CF952E977\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_server_-_web_edition:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"394A48A2-C95B-4B1F-A571-77FFD1DA9F0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BC015FD-6D1D-4A6C-A480-326614BEB5BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:hitachi_web_server:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3721DE3-39EC-4C4A-B575-9F5CF2D21BE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:*:*:enterprise:*:*:*:*:*\",\"matchCriteriaId\":\"0B00BB4D-1C8A-4CFE-9EA4-5CBE055276DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"980D0920-2D78-4EAF-8C99-C9928708C825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_application_server_standard:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88B1B8FF-8362-471C-85DB-01D675764DF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_developer_light:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7148FC73-6087-4F89-8832-7888D3502E85\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C937879-7AC4-4B36-BC3A-3C9B620A17F4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"354BD4CE-7B1A-4442-9F87-08CD70D9499E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72E63548-3AB3-4B78-AA2D-5B2AC7E06DD7\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/32997\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://osvdb.org/32998\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/23843\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2007/0326\",\"source\":\"cve@mitre.org\"}]}}"
  }
}

CVE-2007-0514

Vulnerability from jvndb

Published

2009-02-04 17:42

Modified

2014-05-22 18:03

Severity ?

() - -

Summary

Multiple Vulnerabilities Concerning Hitachi Web Server

Details

Hitachi Web Server has vulnerabilities listed below: 1. A vulnerability that allows to roll back the Open SSL version when using the SSL. 2. Cross-site scripting vulnerability in contents created automatically by the Hitachi Web Server. 3. Cross-site scripting vulnerability due to inadequate processing of the Expect header.

References

▼	Type	URL
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
	CVE	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0514
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2969
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3352
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3918
	NVD	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0514
	JVNDB_Ja	http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000992.html
	Cross-site Scripting(CWE-79)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
	No Mapping(CWE-noinfo)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

▼	Vendor	Product
	Hitachi, Ltd	Cosminexus Application Server Enterprise
	Hitachi, Ltd	Cosminexus Application Server Standard
	Hitachi, Ltd	Cosminexus Application Server Version 5
	Hitachi, Ltd	Cosminexus Developer Light Version 6
	Hitachi, Ltd	Cosminexus Developer Professional Version 6
	Hitachi, Ltd	Cosminexus Developer Standard Version 6
	Hitachi, Ltd	Cosminexus Developer Version 5
	Hitachi, Ltd	Cosminexus Server - Enterprise Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition
	Hitachi, Ltd	Cosminexus Server - Standard Edition Version 4
	Hitachi, Ltd	Cosminexus Server - Web Edition
	Hitachi, Ltd	Cosminexus Server - Web Edition Version 4
	Hitachi, Ltd	Hitachi Web Server
	Hitachi, Ltd	uCosminexus Application Server Enterprise
	Hitachi, Ltd	uCosminexus Application Server Smart Edition
	Hitachi, Ltd	uCosminexus Application Server Standard
	Hitachi, Ltd	uCosminexus Developer
	Hitachi, Ltd	uCosminexus Developer Light
	Hitachi, Ltd	uCosminexus Developer Standard
	Hitachi, Ltd	uCosminexus Service Architect
	Hitachi, Ltd	uCosminexus Service Platform

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000992.html",
  "dc:date": "2014-05-22T18:03+09:00",
  "dcterms:issued": "2009-02-04T17:42+09:00",
  "dcterms:modified": "2014-05-22T18:03+09:00",
  "description": "Hitachi Web Server has vulnerabilities listed below:\r\n\r\n1. A vulnerability that allows to roll back the Open SSL version when using the SSL.\r\n\r\n2. Cross-site scripting vulnerability in contents created automatically by the Hitachi Web Server.\r\n\r\n3. Cross-site scripting vulnerability due to inadequate processing of the Expect header.",
  "link": "https://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000992.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_enterprise",
      "@product": "Cosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_standard",
      "@product": "Cosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_application_server_version_5",
      "@product": "Cosminexus Application Server Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_light_version_6",
      "@product": "Cosminexus Developer Light Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_professional_version_6",
      "@product": "Cosminexus Developer Professional Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_standard_version_6",
      "@product": "Cosminexus Developer Standard Version 6",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_developer_version_5",
      "@product": "Cosminexus Developer Version 5",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_enterprise_edition",
      "@product": "Cosminexus Server - Enterprise Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition",
      "@product": "Cosminexus Server - Standard Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4",
      "@product": "Cosminexus Server - Standard Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition",
      "@product": "Cosminexus Server - Web Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4",
      "@product": "Cosminexus Server - Web Edition Version 4",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:hitachi_web_server",
      "@product": "Hitachi Web Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_enterprise",
      "@product": "uCosminexus Application Server Enterprise",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_smart_edition",
      "@product": "uCosminexus Application Server Smart Edition",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server_standard",
      "@product": "uCosminexus Application Server Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_light",
      "@product": "uCosminexus Developer Light",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer_standard",
      "@product": "uCosminexus Developer Standard",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_architect",
      "@product": "uCosminexus Service Architect",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service_platform",
      "@product": "uCosminexus Service Platform",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2006-000992",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969",
      "@id": "CVE-2005-2969",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352",
      "@id": "CVE-2005-3352",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918",
      "@id": "CVE-2006-3918",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0514",
      "@id": "CVE-2007-0514",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2969",
      "@id": "CVE-2005-2969",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3352",
      "@id": "CVE-2005-3352",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3918",
      "@id": "CVE-2006-3918",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0514",
      "@id": "CVE-2007-0514",
      "@source": "NVD"
    },
    {
      "#text": "http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000992.html",
      "@id": "JVNDB-2006-000992",
      "@source": "JVNDB_Ja"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-79",
      "@title": "Cross-site Scripting(CWE-79)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-noinfo",
      "@title": "No Mapping(CWE-noinfo)"
    }
  ],
  "title": "Multiple Vulnerabilities Concerning Hitachi Web Server"
}

var-200701-0392

Vulnerability from variot

Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps. Hitachi Web Server has vulnerabilities listed below: 1. A vulnerability that allows to roll back the Open SSL version when using the SSL. 2. 3. Cross-site scripting vulnerability due to inadequate processing of the Expect header.1. When using the SSL, there is the possibility an attacker could deceptively alter the protocol, forcing the use of SSL version 2. 2. and 3. An attacker could insert malicious script. ** Delete ** This case CVE-2005-2969 , CVE-2005-3352 , CVE-2006-3918 Contents of ( Both are Hitachi vendor information HS06-022) And was removed because it was found to be a duplicate. CVE-2005-2969 , CVE-2005-3352 , CVE-2006-3918 Please refer to. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user or to bypass certain security restrictions. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Secunia is proud to announce the availability of the Secunia Software Inspector.

The Secunia Software Inspector is a free service that detects insecure versions of software that you may have installed in your system. When insecure versions are detected, the Secunia Software Inspector also provides thorough guidelines for updating the software to the latest secure version from the vendor.

1) Input passed to certain parameters in various files in Hitachi Web Server is not properly sanitised before being returned to the user.

2) Input passed via the "Expect" header in Hitachi Web Server is not properly sanitised before being returned to the user.

3) An error in the way Hitachi Web Server handles SSL 3.0 or TLS 1.0 protocols can be exploited by attackers to replace the connection with a connection using SSL 2.0 protocol.

See the vendor advisory for a matrix of affected versions.

SOLUTION: Updates are available for some versions (please see vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200701-0392",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "cosminexus server - web edition",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server - web edition version 4",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "web server",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server standard",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer light",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer standard",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service architect",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus service platform",
        "scope": null,
        "trust": 1.4,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "web server",
        "scope": "ne",
        "trust": 1.2,
        "vendor": "hitachi",
        "version": "03-00-01"
      },
      {
        "model": "web server 02-04-/b",
        "scope": "ne",
        "trust": 1.2,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus application server version 5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus server - standard edition version 4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "cosminexus server - web edition",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus application server standard",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus developer version 5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus service architect",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus server - enterprise edition",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "ucosminexus developer light",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus server - web edition version 4",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus server - standard edition",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "hitachi",
        "version": "*"
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "version 6"
      },
      {
        "model": "cosminexus application server version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus developer version 5",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server - enterprise edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server - standard edition",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server - standard edition version 4",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- custom edition"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "- security enhancement"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "for vos3"
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": null,
        "trust": 0.8,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "professional"
      },
      {
        "model": "cosminexus application server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus application server version 5",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus developer light version 6",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus developer professional version 6",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus developer standard version 6",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus developer version 5",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus server - enterprise edition",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus server - standard edition",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus server - standard edition version 4",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus server - web edition",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "cosminexus server - web edition version 4",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "web server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "ucosminexus application server standard",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "ucosminexus developer light",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "ucosminexus service architect",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "hitachi",
        "version": "20070124"
      },
      {
        "model": "web server",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus service platform",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus service architect",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus developer standard",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus developer light",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus application server standard",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus application server smart edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "cosminexus server enterprise edition",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "-0"
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "ucosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "hitachi",
        "version": "enterprise"
      },
      {
        "model": "web server for vos3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "web server security enhancement",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "-0"
      },
      {
        "model": "web server custom edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "-0"
      },
      {
        "model": "ucosminexus developer professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "ucosminexus application server enterprise )",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "09-80"
      },
      {
        "model": "cosminexus server web edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "4"
      },
      {
        "model": "cosminexus server web edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "cosminexus server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "4"
      },
      {
        "model": "cosminexus server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      },
      {
        "model": "cosminexus developer standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "cosminexus developer professional",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "cosminexus developer",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "5"
      },
      {
        "model": "cosminexus application server standard",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "6"
      },
      {
        "model": "cosminexus application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "5.0"
      },
      {
        "model": "web server 02-06-/a",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "web server 02-04-/a (windows ip",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "ucosminexus application server enterpris enterprise",
        "scope": null,
        "trust": 0.3,
        "vendor": "hitachi",
        "version": null
      },
      {
        "model": "cosminexus server web edition version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "-40"
      },
      {
        "model": "cosminexus server web edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "-0"
      },
      {
        "model": "cosminexus server standard edition version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "-40"
      },
      {
        "model": "cosminexus server standard edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "-0"
      },
      {
        "model": "cosminexus developer version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "50"
      },
      {
        "model": "cosminexus developer standard version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "60"
      },
      {
        "model": "cosminexus developer professional version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "60"
      },
      {
        "model": "cosminexus developer light version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "60"
      },
      {
        "model": "cosminexus application server version",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "50"
      },
      {
        "model": "cosminexus application server enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "hitachi",
        "version": "0"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "22234"
      },
      {
        "db": "BID",
        "id": "81987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer_light:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_version_5:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:*:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_version_5:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_web_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_light_version_6:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:hitachi_web_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor disclosed these issues.",
    "sources": [
      {
        "db": "BID",
        "id": "22234"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2007-0514",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": true,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "None",
            "baseScore": 5.0,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "JVNDB-2006-000992",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2007-0514",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2006-000992",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200701-449",
            "trust": 0.6,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps. Hitachi Web Server has vulnerabilities listed below: 1. A vulnerability that allows to roll back the Open SSL version when using the SSL. 2. 3. Cross-site scripting vulnerability due to inadequate processing of the Expect header.1. When using the SSL, there is the possibility an attacker could deceptively alter the protocol, forcing the use of SSL version 2. 2. and 3. An attacker could insert malicious script. ** Delete ** This case CVE-2005-2969 , CVE-2005-3352 , CVE-2006-3918 Contents of ( Both are Hitachi vendor information HS06-022) And was removed because it was found to be a duplicate. CVE-2005-2969 , CVE-2005-3352 , CVE-2006-3918 Please refer to. \nAn attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user or to bypass certain security restrictions. This may help the attacker steal cookie-based authentication credentials and launch other attacks. \n\n----------------------------------------------------------------------\n\nSecunia is proud to announce the availability of the Secunia Software\nInspector. \n\nThe Secunia Software Inspector is a free service that detects insecure\nversions of software that you may have installed in your system. When\ninsecure versions are detected, the Secunia Software Inspector also\nprovides thorough guidelines for updating the software to the latest\nsecure version from the vendor. \n\n1) Input passed to certain parameters in various files in Hitachi Web\nServer is not properly sanitised before being returned to the user. \n\n2) Input passed via the \"Expect\" header in Hitachi Web Server is not\nproperly sanitised before being returned to the user. \n\n3) An error in the way Hitachi Web Server handles SSL 3.0 or TLS 1.0\nprotocols can be exploited by attackers to replace the connection\nwith a connection using SSL 2.0 protocol. \n\nSee the vendor advisory for a matrix of affected versions. \n\nSOLUTION:\nUpdates are available for some versions (please see vendor\u0027s advisory\nfor details). \n\nPROVIDED AND/OR DISCOVERED BY:\nReported by the vendor. \n\nORIGINAL ADVISORY:\nhttp://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      },
      {
        "db": "BID",
        "id": "22234"
      },
      {
        "db": "BID",
        "id": "81987"
      },
      {
        "db": "PACKETSTORM",
        "id": "53943"
      }
    ],
    "trust": 2.97
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2007-0514",
        "trust": 3.5
      },
      {
        "db": "HITACHI",
        "id": "HS06-022",
        "trust": 2.3
      },
      {
        "db": "SECUNIA",
        "id": "23843",
        "trust": 1.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "32998",
        "trust": 1.6
      },
      {
        "db": "OSVDB",
        "id": "32997",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2007-0326",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003272",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-449",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "22234",
        "trust": 0.3
      },
      {
        "db": "BID",
        "id": "81987",
        "trust": 0.3
      },
      {
        "db": "PACKETSTORM",
        "id": "53943",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "22234"
      },
      {
        "db": "BID",
        "id": "81987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      },
      {
        "db": "PACKETSTORM",
        "id": "53943"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ]
  },
  "id": "VAR-200701-0392",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.316269845
  },
  "last_update_date": "2023-12-18T11:28:08.862000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HS06-022",
        "trust": 1.6,
        "url": "http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs06-022/index.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-79",
        "trust": 0.8
      },
      {
        "problemtype": "CWE-noinfo",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "http://www.hitachi-support.com/security_e/vuls_e/hs06-022_e/01-e.html"
      },
      {
        "trust": 1.6,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2007-0514"
      },
      {
        "trust": 1.6,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2007-0514"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/32997"
      },
      {
        "trust": 1.6,
        "url": "http://osvdb.org/32998"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/23843"
      },
      {
        "trust": 1.0,
        "url": "http://www.vupen.com/english/advisories/2007/0326"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-2969"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3352"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2006-3918"
      },
      {
        "trust": 0.8,
        "url": "http://jvndb.jvn.jp/ja/contents/2006/jvndb-2006-000992.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2006-3918"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-2969"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2005-3352"
      },
      {
        "trust": 0.6,
        "url": "http://www.frsirt.com/english/advisories/2007/0326"
      },
      {
        "trust": 0.3,
        "url": "http://www.hitachi.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13338/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/23843/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13335/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/software_inspector/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13337/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13333/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13336/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/13334/"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "22234"
      },
      {
        "db": "BID",
        "id": "81987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      },
      {
        "db": "PACKETSTORM",
        "id": "53943"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "22234"
      },
      {
        "db": "BID",
        "id": "81987"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      },
      {
        "db": "PACKETSTORM",
        "id": "53943"
      },
      {
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2007-01-25T00:00:00",
        "db": "BID",
        "id": "22234"
      },
      {
        "date": "2007-01-25T00:00:00",
        "db": "BID",
        "id": "81987"
      },
      {
        "date": "2009-02-04T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      },
      {
        "date": "2007-01-27T01:46:45",
        "db": "PACKETSTORM",
        "id": "53943"
      },
      {
        "date": "2007-01-26T00:28:00",
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "date": "2007-01-25T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-12-18T14:11:00",
        "db": "BID",
        "id": "22234"
      },
      {
        "date": "2007-01-25T00:00:00",
        "db": "BID",
        "id": "81987"
      },
      {
        "date": "2014-05-22T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      },
      {
        "date": "2012-09-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2007-003272"
      },
      {
        "date": "2011-03-08T02:49:59.453000",
        "db": "NVD",
        "id": "CVE-2007-0514"
      },
      {
        "date": "2007-01-26T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "network",
    "sources": [
      {
        "db": "BID",
        "id": "22234"
      },
      {
        "db": "BID",
        "id": "81987"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple Vulnerabilities Concerning Hitachi Web Server",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2006-000992"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "xss",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "53943"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200701-449"
      }
    ],
    "trust": 0.7
  }
}

ghsa-6v33-6r6q-36x7

Vulnerability from github

Published

2022-05-01 17:45

Modified

2022-05-01 17:45

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2007-0514"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2007-01-26T00:28:00Z",
    "severity": "MODERATE"
  },
  "details": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.",
  "id": "GHSA-6v33-6r6q-36x7",
  "modified": "2022-05-01T17:45:00Z",
  "published": "2022-05-01T17:45:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2007-0514"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/32997"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/32998"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/23843"
    },
    {
      "type": "WEB",
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2007/0326"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2007-0514

Vulnerability from gsd

Modified

2023-12-13 01:21

Details

Aliases

CVE-2007-0514

Aliases

CVE-2007-0514

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2007-0514",
    "description": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.",
    "id": "GSD-2007-0514"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2007-0514"
      ],
      "details": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.",
      "id": "GSD-2007-0514",
      "modified": "2023-12-13T01:21:35.142415Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2007-0514",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "32998",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/32998"
          },
          {
            "name": "23843",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/23843"
          },
          {
            "name": "ADV-2007-0326",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2007/0326"
          },
          {
            "name": "32997",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/32997"
          },
          {
            "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html",
            "refsource": "CONFIRM",
            "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer_light:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_version_5:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:*:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_version_5:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_web_edition:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_light_version_6:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hitachi:hitachi_web_server:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2007-0514"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"
            },
            {
              "name": "23843",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/23843"
            },
            {
              "name": "32997",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/32997"
            },
            {
              "name": "32998",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/32998"
            },
            {
              "name": "ADV-2007-0326",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2007/0326"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": true,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-03-08T02:49Z",
      "publishedDate": "2007-01-26T00:28Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-0514

Vulnerability from cvelistv5

CVE-2007-0514

Vulnerability from jvndb

var-200701-0392

Vulnerability from variot

ghsa-6v33-6r6q-36x7

Vulnerability from github

gsd-2007-0514

Vulnerability from gsd

Tags

Sightings

Nomenclature