This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Hitachi First view 2005-10-06
Product Cosminexus Application Server Last view 2010-04-21
Version Type Application
Update  
Edition  
Language  
Sofware Edition  
Target Software  
Target Hardware  
Other  

Activity : Overall

COMMON PLATFORM ENUMERATION: Repartition per Version

CPE Name Affected CVE
cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_k:*:*:*:*:*:*:* 2
cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:* 2
cpe:2.3:a:hitachi:cosminexus_application_server:06_02_06_02_f:*:enterprise:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_50_06_50_d:*:enterprise:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_00_06_00_d:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_51_06_51_c:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_00_06_00_g:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:05_02_05_02_e:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_51_06_51_g:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:05_05_05_00_o:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:05_01_05_01_k:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:05_05_05_05_h:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_00_06_00_b:*:enterprise:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_00_06_00_e:*:enterprise:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_02_06_02_f:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_00_06_00_e:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_00_06_00_a:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_00_06_00_d:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_e:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_f:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_05_h:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:*:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:6:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:05-00-/s:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:05-01-/l:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:6:-:enterprise:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_50_06_50_d:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_00_06_50_f:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_00_q:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_00_h:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_50_06_50_e:*:enterprise:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_51_06_51_b:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_51_06_51_b:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_50_06_50_c:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_50_06_50_b:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_50_06_50_c:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_50_06_50_f:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_00_06_00_b:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_50_06_50_c:*:enterprise:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_00_06_00_d:*:enterprise:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_50_06_50_e:*:standard:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_51_06_51_b:*:enterprise:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_51_06_51_g:*:enterprise:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:05_05_05_05_l:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_00_r:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_00_06_00_g:*:enterprise:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_02_06_02_f:*:*:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_00_06_00_a:*:enterprise:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_50_06_50_b:*:enterprise:*:*:*:*:* 1
cpe:2.3:a:hitachi:cosminexus_application_server:06_50_06_50_f:*:enterprise:*:*:*:*:* 1

Related : CVE

  Date Alert Description
9.3 2010-04-21 CVE-2009-4776

Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794.
4.9 2007-08-01 CVE-2007-4124

The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in multiple Hitachi products, can use session data for the wrong user under unspecified conditions, which might allow remote authenticated users to obtain sensitive information, corrupt another user's session data, and possibly gain privileges.
10 2007-07-15 CVE-2007-3794

Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application.
7.8 2007-07-09 CVE-2007-3626

Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before 20070706 allows remote attackers to cause a denial of service (daemon crash) via a certain request.
6.8 2007-01-25 CVE-2007-0514

Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.
2.6 2005-10-06 CVE-2005-3164

The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.

CWE : Common Weakness Enumeration

%idName
50% (1) CWE-200 Information Exposure
50% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

Open Source Vulnerability Database (OSVDB)

id Description
57834 Hitachi Multiple Products GIF Processing Overflow
37852 Hitachi Multiple Products Cosminexus Component Container Session Data Handli...
37851 Hitachi Multiple Products GIF Processing Unspecified Overflow
37847 Hitachi TPBroker ADM Daemon Unspecified Remote DoS
32998 Hitachi Web Server Image Maps XSS
32997 Hitachi Web Server HTTP Expect Header XSS
19821 Apache Tomcat Malformed Post Request Information Disclosure

OpenVAS Exploits

id Description
2010-05-12 Name : Mac OS X 10.5.4 Update / Mac OS X Security Update 2008-004
File : nvt/macosx_upd_10_5_4_secupd_2008-004.nasl

Nessus® Vulnerability Scanner

id Description
2010-06-16 Name: The remote Apache Tomcat server is affected by multiple vulnerabilities.
File: tomcat_4_1_37.nasl - Type: ACT_GATHER_INFO
2008-07-01 Name: The remote host is missing a Mac OS X update that fixes various security issues.
File: macosx_10_5_4.nasl - Type: ACT_GATHER_INFO
2008-07-01 Name: The remote host is missing a Mac OS X update that fixes various security issues.
File: macosx_SecUpd2008-004.nasl - Type: ACT_GATHER_INFO