CVE-2007-0514

Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.

CVSS v2.0 6.8 MEDIUM

6.8^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html	Patch Vendor Advisory
http://secunia.com/advisories/23843
http://osvdb.org/32997
http://osvdb.org/32998
http://www.vupen.com/english/advisories/2007/0326

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hitachi:cosminexus_application_server::::::::
	cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition::::::::
	cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition::::::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_standard::::::::
	cpe:2.3:a:hitachi:ucosminexus_developer_light::::::::
	cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6::::::::
	cpe:2.3:a:hitachi:cosminexus_developer_version_5::::::::
	cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:::enterprise:::::*
	cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition::::::::
	cpe:2.3:a:hitachi:cosminexus_application_server:6::enterprise:::::
	cpe:2.3:a:hitachi:cosminexus_application_server_version_5::::::::
	cpe:2.3:a:hitachi:hitachi_web_server::::::::
	cpe:2.3:a:hitachi:ucosminexus_developer_standard::::::::
	cpe:2.3:a:hitachi:cosminexus_server_-_web_edition::::::::
	cpe:2.3:a:hitachi:ucosminexus_service_platform::::::::
	cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4::::::::
	cpe:2.3:a:hitachi:cosminexus_developer_light_version_6::::::::
	cpe:2.3:a:hitachi:ucosminexus_service_architect::::::::
	cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4::::::::
	cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6::::::::

Information

Published : 2007-01-25 16:28

Updated : 2011-03-07 18:49

NVD link : CVE-2007-0514

Mitre link : CVE-2007-0514

JSON object : View

CWE

NVD-CWE-Other

Products Affected

hitachi

ucosminexus_developer_standard
cosminexus_server_-_standard_edition
ucosminexus_service_platform
cosminexus_server_-_enterprise_edition
cosminexus_server_-_web_edition_version_4
cosminexus_developer_standard_version_6
cosminexus_developer_version_5
cosminexus_developer_professional_version_6
ucosminexus_application_server_enterprise
ucosminexus_developer_light
ucosminexus_application_server_standard
hitachi_web_server
ucosminexus_application_server_smart_edition
cosminexus_developer_light_version_6
cosminexus_server_-_standard_edition_version_4
cosminexus_application_server_version_5
cosminexus_server_-_web_edition
ucosminexus_service_architect
cosminexus_application_server

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html", "name": "http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/23843", "name": "23843", "tags": [], "refsource": "SECUNIA"}, {"url": "http://osvdb.org/32997", "name": "32997", "tags": [], "refsource": "OSVDB"}, {"url": "http://osvdb.org/32998", "name": "32998", "tags": [], "refsource": "OSVDB"}, {"url": "http://www.vupen.com/english/advisories/2007/0326", "name": "ADV-2007-0326", "tags": [], "refsource": "VUPEN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2007-0514", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2007-01-26T00:28Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_standard:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer_light:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_version_5:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:*:*:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_application_server_version_5:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:hitachi_web_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_web_edition:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_light_version_6:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2011-03-08T02:49Z"}

6.8 /10