Vulnerability CVE-2007-0514
Published: 2007-01-25   Modified: 2012-02-12

Description:
Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
6.8/10
6.4/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Hitachi -> Ucosminexus developer light 
Hitachi -> Cosminexus application server 
Hitachi -> Ucosminexus developer standard 
Hitachi -> Cosminexus application server version 5 
Hitachi -> Ucosminexus service architect 
Hitachi -> Cosminexus developer light version 6 
Hitachi -> Ucosminexus service platform 
Hitachi -> Cosminexus developer professional version 6 
Hitachi -> Cosminexus developer standard version 6 
Hitachi -> Cosminexus developer version 5 
Hitachi -> Cosminexus server - enterprise edition 
Hitachi -> Cosminexus server - standard edition 
Hitachi -> Cosminexus server - standard edition version 4 
Hitachi -> Cosminexus server - web edition 
Hitachi -> Cosminexus server - web edition version 4 
Hitachi -> Hitachi web server 
Hitachi -> Ucosminexus application server enterprise 
Hitachi -> Ucosminexus application server smart edition 
Hitachi -> Ucosminexus application server standard 

 References:
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
http://www.vupen.com/english/advisories/2007/0326
http://osvdb.org/32998
http://osvdb.org/32997
http://secunia.com/advisories/23843
Copyright 2024, cxsecurity.com

 

Back to Top