var-200701-0392
Vulnerability from variot
Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.
Hitachi Web Server has the vulnerabilities listed below:
1. A vulnerability that allows the OpenSSL version to be rolled back when using SSL.
2.
3. Cross-site scripting vulnerability due to inadequate processing of the Expect header.
For 1, when using SSL, there is the possibility that an attacker could deceptively alter the protocol, forcing the use of SSL version 2. For 2 and 3, an attacker could insert malicious script.
** Delete ** This entry was removed because it was found to duplicate the contents of CVE-2005-2969, CVE-2005-3352 and CVE-2006-3918 (both are Hitachi vendor information HS06-022). Please refer to CVE-2005-2969, CVE-2005-3352 and CVE-2006-3918.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user or to bypass certain security restrictions. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
1) Input passed to certain parameters in various files in Hitachi Web Server is not properly sanitised before being returned to the user.
2) Input passed via the "Expect" header in Hitachi Web Server is not properly sanitised before being returned to the user.
3) An error in the way Hitachi Web Server handles SSL 3.0 or TLS 1.0 protocols can be exploited by attackers to replace the connection with a connection using SSL 2.0 protocol.
See the vendor advisory for a matrix of affected versions.
SOLUTION: Updates are available for some versions (please see vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.