jvndb-2007-000710
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Severity ?
() - -
Summary
Cosminexus Denial of Service Vulnerability
Details
JSSE (Java Secure Socket Extension) in Cosminexua Developer's Kit for Java may fall into a denial of service condition when it handles an improper SSL/TLS handshake request. An attacker could exploit this vulnerability and cause a denial of service on the systems that establish an SSL/TLS connection using JSSE API.
References
CVE http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5281
NVD http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5281
SECUNIA http://secunia.com/advisories/27075
BID http://www.securityfocus.com/bid/25935
XF http://xforce.iss.net/xforce/xfdb/36965
FRSIRT http://www.frsirt.com/english/advisories/2007/3375
No Mapping(CWE-DesignError) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Improper Input Validation(CWE-20) https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html
Impacted products
Hitachi, LtdCosminexus Developer's Kit for Java(TM)
Hitachi, LtduCosminexus Application Server
Hitachi, LtduCosminexus Client
Hitachi, LtduCosminexus Developer
Hitachi, LtduCosminexus Operator
Hitachi, LtduCosminexus Service
Show details on JVN DB website

To clipboard 

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000710.html",
  "dc:date": "2008-05-21T00:00+09:00",
  "dcterms:issued": "2008-05-21T00:00+09:00",
  "dcterms:modified": "2008-05-21T00:00+09:00",
  "description": "JSSE (Java Secure Socket Extension) in Cosminexua Developer\u0027s Kit for Java may fall into a denial of service condition when it handles an improper SSL/TLS handshake request. An attacker could exploit this vulnerability and cause a denial of service on the systems that establish an SSL/TLS connection using JSSE API.",
  "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000710.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:hitachi:cosminexus_developers_kit_for_java",
      "@product": "Cosminexus Developer\u0027s Kit for Java(TM)",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_application_server",
      "@product": "uCosminexus Application Server",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_client",
      "@product": "uCosminexus Client",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_developer",
      "@product": "uCosminexus Developer",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_operator",
      "@product": "uCosminexus Operator",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:hitachi:ucosminexus_service",
      "@product": "uCosminexus Service",
      "@vendor": "Hitachi, Ltd",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "5.0",
    "@severity": "Medium",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2007-000710",
  "sec:references": [
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5281",
      "@id": "CVE-2007-5281",
      "@source": "CVE"
    },
    {
      "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5281",
      "@id": "CVE-2007-5281",
      "@source": "NVD"
    },
    {
      "#text": "http://secunia.com/advisories/27075",
      "@id": "SA27075",
      "@source": "SECUNIA"
    },
    {
      "#text": "http://www.securityfocus.com/bid/25935",
      "@id": "25935",
      "@source": "BID"
    },
    {
      "#text": "http://xforce.iss.net/xforce/xfdb/36965",
      "@id": "36965",
      "@source": "XF"
    },
    {
      "#text": "http://www.frsirt.com/english/advisories/2007/3375",
      "@id": "FrSIRT/ADV-2007-3375",
      "@source": "FRSIRT"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-DesignError",
      "@title": "No Mapping(CWE-DesignError)"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-20",
      "@title": "Improper Input Validation(CWE-20)"
    }
  ],
  "title": "Cosminexus Denial of Service Vulnerability"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.