This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Hitachi First view 2007-08-27
Product Ucosminexus Application Server Standard Last view 2007-11-05
Version 06_72_b_1 Type Application
Update *  
Edition linux  
Language *  
Software Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:hitachi:ucosminexus_application_server_standard

Activity : Overall

Related : CVE

  Date Alert Description
5 2007-11-05 CVE-2007-5810

Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature.

4.3 2007-11-05 CVE-2007-5809

Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.

4.6 2007-08-27 CVE-2007-4564

Cosminexus Manager in Cosminexus Application Server 07-00 and later might assign the wrong user's group permissions to logical user server processes, which allows local users to gain privileges.

4.4 2007-08-27 CVE-2007-4563

Cosminexus Manager in Cosminexus Application Server 06-50 and later might assign the wrong user's group permissions to logical J2EE server processes, which allows local users to gain privileges.

CWE : Common Weakness Enumeration

% id Name
50% (2) CWE-264 Permissions, Privileges, and Access Controls
25% (1) CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting')
25% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
42027 Hitachi Web Server Server-status Page Creation Unspecified XSS
42026 Hitachi Web Server SSL Client Certification Validation Weakness
37855 Hitachi Cosminexus Application Server Manager Logical User Server Process Per...
37854 Hitachi Cosminexus Application Server Manager Logical J2EE Server Process Per...