製品・ソフトウェアに関する情報

JVN脆弱性詳細

Hitachi Web Server における複数の脆弱性

Title	Hitachi Web Server における複数の脆弱性
Summary	Hitachi Web Server には下記の脆弱性が存在します。 1. SSL を使用している場合に、OpenSSL のバージョンをロールバックされる脆弱性があります。 2. Hitachi Web Server が自動作成したコンテンツにクロスサイトスクリプティングの脆弱性があります。 3. Expect ヘッダの処理に不備があるため、クロスサイトスクリプティングの脆弱性があります。
Possible impacts	1. SSLを使用している場合、攻撃者により、不当にSSLバージョン2の接続に変更される可能性があります。 2,3. 不正なスクリプトを挿入される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 21, 2006, midnight
Registration Date	Feb. 2, 2009, 3:46 p.m.
Last Update	May 22, 2014, 5:59 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:P/A:N

Affected System

日立

Cosminexus Application Server Enterprise Version 6

Cosminexus Application Server Standard Version 6

Cosminexus Application Server Version 5

Cosminexus Developer Light Version 6

Cosminexus Developer Professional Version 6

Cosminexus Developer Standard Version 6

Cosminexus Developer Version 5

Cosminexus Server - Enterprise Edition

Cosminexus Server - Standard Edition

Cosminexus Server - Standard Edition Version 4

Cosminexus Server - Web Edition

Cosminexus Server - Web Edition Version 4

Hitachi Web Server

Hitachi Web Server - Custom Edition

Hitachi Web Server - Security Enhancement

Hitachi Web Server for VOS3

uCosminexus Application Server Enterprise

uCosminexus Application Server Smart Edition

uCosminexus Application Server Standard

uCosminexus Developer Professional

uCosminexus Developer Light

uCosminexus Developer Standard

uCosminexus Service Architect

uCosminexus Service Platform

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2005-2969	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2969
2	CVE-2005-3352	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3352
3	CVE-2006-3918	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
4	CVE-2007-0514	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0514
National Vulnerability Database (NVD)
5	CVE-2005-2969	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2969
6	CVE-2005-3352	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-3352
7	CVE-2006-3918	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3918
8	CVE-2007-0514	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0514

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html
2	CWE-noinfo	https://www.ipa.go.jp/security/vuln/CWE.html#CWEnoinfo

ベンダー情報

No	Name	URL
Hitachi Software Vulnerability Information
1	HS06-022	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS06-022/index.html
ソフトウェア製品セキュリティ情報
2	HS06-022	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS06-022/index.html

その他

No	Name	URL
JVN iPedia (English)
1	JVNDB-2006-000992	http://jvndb.jvn.jp/en/contents/2006/JVNDB-2006-000992.html

Change Log

No	Changed Details	Date of change
0	[2009年02月02日] 掲載 [2014年05月22日] 参考情報：Common Vulnerabilities and Exposures (CVE) (CVE-2005-2969) を追加参考情報：Common Vulnerabilities and Exposures (CVE) (CVE-2006-3918) を追加参考情報：Common Vulnerabilities and Exposures (CVE) (CVE-2005-3352) を追加参考情報：Common Vulnerabilities and Exposures (CVE) (CVE-2007-0514) を追加参考情報：National Vulnerability Database (NVD) (CVE-2005-2969) を追加参考情報：National Vulnerability Database (NVD) (CVE-2006-3918) を追加参考情報：National Vulnerability Database (NVD) (CVE-2005-3352) を追加参考情報：National Vulnerability Database (NVD) (CVE-2007-0514) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2005-2969

Summary	The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack.
Publication Date	Oct. 19, 2005, 6:02 a.m.
Registration Date	Jan. 29, 2021, 5:59 p.m.
Last Update	May 3, 2018, 10:29 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers/dir5.10.3_docs_relnotes.pdf	MISC
2	http://docs.info.apple.com/article.html?artnum=302847	APPLE
3	http://itrc.hp.com/service/cki/docDisplay.do?docId=c00805100	HP
4	http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540	HP
5	http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html	TRUSTIX
6	http://secunia.com/advisories/17146	SECUNIA
7	http://secunia.com/advisories/17151	SECUNIA
8	http://secunia.com/advisories/17153	SECUNIA
9	http://secunia.com/advisories/17169	SECUNIA
10	http://secunia.com/advisories/17178	SECUNIA
11	http://secunia.com/advisories/17180	SECUNIA
12	http://secunia.com/advisories/17189	SECUNIA
13	http://secunia.com/advisories/17191	SECUNIA
14	http://secunia.com/advisories/17210	SECUNIA
15	http://secunia.com/advisories/17259	SECUNIA
16	http://secunia.com/advisories/17288	SECUNIA
17	http://secunia.com/advisories/17335	SECUNIA
18	http://secunia.com/advisories/17344	SECUNIA
19	http://secunia.com/advisories/17389	SECUNIA
20	http://secunia.com/advisories/17409	SECUNIA
21	http://secunia.com/advisories/17432	SECUNIA
22	http://secunia.com/advisories/17466	SECUNIA
23	http://secunia.com/advisories/17589	SECUNIA
24	http://secunia.com/advisories/17617	SECUNIA
25	http://secunia.com/advisories/17632	SECUNIA
26	http://secunia.com/advisories/17813	SECUNIA
27	http://secunia.com/advisories/17888	SECUNIA
28	http://secunia.com/advisories/18045	SECUNIA
29	http://secunia.com/advisories/18123	SECUNIA
30	http://secunia.com/advisories/18165	SECUNIA
31	http://secunia.com/advisories/18663	SECUNIA
32	http://secunia.com/advisories/19185	SECUNIA
33	http://secunia.com/advisories/21827	SECUNIA
34	http://secunia.com/advisories/23280	SECUNIA
35	http://secunia.com/advisories/23340	SECUNIA
36	http://secunia.com/advisories/23843	SECUNIA
37	http://secunia.com/advisories/23915	SECUNIA
38	http://secunia.com/advisories/25973	SECUNIA
39	http://secunia.com/advisories/26893	SECUNIA
40	http://secunia.com/advisories/31492	SECUNIA
41	http://securitytracker.com/id?1015032	SECTRACK
42	http://sunsolve.sun.com/search/document.do?assetkey=1-26-101974-1	SUNALERT
43	http://support.avaya.com/elmodocs2/security/ASA-2006-031.htm	CONFIRM
44	http://support.avaya.com/elmodocs2/security/ASA-2006-260.htm	CONFIRM
45	http://www.cisco.com/warp/public/707/cisco-response-20051202-openssl.shtml	CISCO
46	http://www.debian.org/security/2005/dsa-875	DEBIAN
47	http://www.debian.org/security/2005/dsa-881	DEBIAN
48	http://www.debian.org/security/2005/dsa-882	DEBIAN
49	http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html	CONFIRM
50	http://www.hitachi-support.com/security_e/vuls_e/HS07-016_e/index-e.html	CONFIRM
51	http://www.juniper.net/support/security/alerts/PSN-2005-12-025.txt	MISC
52	http://www.mandriva.com/security/advisories?name=MDKSA-2005:179	MANDRIVA
53	http://www.novell.com/linux/security/advisories/2005_61_openssl.html	SUSE
54	http://www.openssl.org/news/secadv_20051011.txt	CONFIRM	Patch Vendor Advisory
55	http://www.redhat.com/support/errata/RHSA-2005-762.html	REDHAT
56	http://www.redhat.com/support/errata/RHSA-2005-800.html	REDHAT	Vendor Advisory
57	http://www.redhat.com/support/errata/RHSA-2008-0629.html	REDHAT
58	http://www.securityfocus.com/bid/15071	BID
59	http://www.securityfocus.com/bid/15647	BID
60	http://www.securityfocus.com/bid/24799	BID
61	http://www.vupen.com/english/advisories/2005/2036	VUPEN
62	http://www.vupen.com/english/advisories/2005/2659	VUPEN
63	http://www.vupen.com/english/advisories/2005/2710	VUPEN
64	http://www.vupen.com/english/advisories/2005/2908	VUPEN
65	http://www.vupen.com/english/advisories/2005/3002	VUPEN
66	http://www.vupen.com/english/advisories/2005/3056	VUPEN
67	http://www.vupen.com/english/advisories/2006/3531	VUPEN
68	http://www.vupen.com/english/advisories/2007/0326	VUPEN
69	http://www.vupen.com/english/advisories/2007/0343	VUPEN
70	http://www.vupen.com/english/advisories/2007/2457	VUPEN
71	http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754	MISC
72	https://exchange.xforce.ibmcloud.com/vulnerabilities/35287	XF
73	https://issues.rpath.com/browse/RPL-1633	CONFIRM
74	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11454	OVAL

Common Vulnerabilities List

CVE-2005-3352

Summary	Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
Publication Date	Dec. 14, 2005, 5:03 a.m.
Registration Date	Jan. 29, 2021, 5:59 p.m.
Last Update	Jan. 20, 2024, 12:12 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:2.2:::::::*
cpe:2.3:a:apache:http_server::::::::				1.3.35
cpe:2.3:a:apache:http_server::::::::	2.0			2.0.56

Related information, measures and tools

No	URL	refsource	タグ
1	http://securitytracker.com/id?1015344	SECTRACK	Patch Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/15834	BID	Third Party Advisory VDB Entry
3	http://secunia.com/advisories/18008	SECUNIA	Not Applicable
4	http://issues.apache.org/bugzilla/show_bug.cgi?id=37874	CONFIRM	Issue Tracking
5	http://www.openpkg.org/security/OpenPKG-SA-2005.029-apache.txt	OPENPKG	Third Party Advisory
6	http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:007	MANDRIVA	Third Party Advisory
7	http://rhn.redhat.com/errata/RHSA-2006-0159.html	REDHAT	Third Party Advisory
8	http://www.trustix.org/errata/2005/0074/	TRUSTIX	Third Party Advisory
9	http://secunia.com/advisories/18333	SECUNIA	Not Applicable
10	http://secunia.com/advisories/18339	SECUNIA	Not Applicable
11	http://secunia.com/advisories/18340	SECUNIA	Not Applicable
12	http://www.ubuntulinux.org/usn/usn-241-1	UBUNTU	Third Party Advisory
13	http://secunia.com/advisories/18429	SECUNIA	Not Applicable
14	http://www.redhat.com/archives/fedora-announce-list/2006-January/msg00060.html	FEDORA	Third Party Advisory
15	http://secunia.com/advisories/18585	SECUNIA	Not Applicable
16	ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U	SGI	Broken Link
17	http://secunia.com/advisories/18517	SECUNIA	Not Applicable
18	http://www.gentoo.org/security/en/glsa/glsa-200602-03.xml	GENTOO	Third Party Advisory
19	http://secunia.com/advisories/18743	SECUNIA	Not Applicable
20	http://www.redhat.com/support/errata/RHSA-2006-0158.html	REDHAT	Third Party Advisory
21	http://secunia.com/advisories/17319	SECUNIA	Not Applicable URL Repurposed
22	http://www-1.ibm.com/support/search.wss?rs=0&q=PK16139&apar=only	AIXAPAR	Third Party Advisory
23	http://lists.suse.de/archive/suse-security-announce/2006-Feb/0008.html	SUSE	Broken Link
24	http://secunia.com/advisories/18526	SECUNIA	Not Applicable
25	http://secunia.com/advisories/19012	SECUNIA	Not Applicable
26	http://www-1.ibm.com/support/search.wss?rs=0&q=PK25355&apar=only	AIXAPAR	Third Party Advisory
27	http://secunia.com/advisories/20670	SECUNIA	Not Applicable
28	http://www.novell.com/linux/security/advisories/2006_43_apache.html	SUSE	Third Party Advisory
29	http://www.debian.org/security/2006/dsa-1167	DEBIAN	Third Party Advisory
30	http://secunia.com/advisories/21744	SECUNIA	Not Applicable Third Party Advisory
31	http://rhn.redhat.com/errata/RHSA-2006-0692.html	REDHAT	Broken Link
32	http://secunia.com/advisories/22140	SECUNIA	Third Party Advisory
33	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102662-1	SUNALERT	Third Party Advisory
34	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102663-1	SUNALERT	Third Party Advisory
35	http://secunia.com/advisories/22368	SECUNIA	Third Party Advisory
36	http://secunia.com/advisories/22388	SECUNIA	Third Party Advisory
37	http://secunia.com/advisories/22669	SECUNIA	Third Party Advisory
38	http://secunia.com/advisories/23260	SECUNIA	Third Party Advisory
39	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.685483	SLACKWARE	Third Party Advisory
40	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.470158	SLACKWARE	Third Party Advisory
41	http://secunia.com/advisories/20046	SECUNIA	Not Applicable
42	http://lists.suse.com/archive/suse-security-announce/2007-May/0005.html	SUSE	Broken Link
43	http://secunia.com/advisories/25239	SECUNIA	Third Party Advisory
44	http://docs.info.apple.com/article.html?artnum=307562	CONFIRM	Broken Link
45	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	APPLE	Mailing List
46	http://secunia.com/advisories/29420	SECUNIA	Third Party Advisory
47	http://secunia.com/advisories/29849	SECUNIA	Third Party Advisory
48	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html	APPLE	Mailing List
49	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	CERT	Third Party Advisory US Government Resource
50	http://secunia.com/advisories/30430	SECUNIA	Third Party Advisory
51	http://www.vupen.com/english/advisories/2006/3995	VUPEN	Third Party Advisory
52	http://www.vupen.com/english/advisories/2006/4300	VUPEN	Third Party Advisory
53	http://www.vupen.com/english/advisories/2008/1697	VUPEN	Third Party Advisory
54	http://www.vupen.com/english/advisories/2008/0924/references	VUPEN	Third Party Advisory
55	http://www.vupen.com/english/advisories/2006/2423	VUPEN	Third Party Advisory
56	http://www.vupen.com/english/advisories/2006/4015	VUPEN	Third Party Advisory
57	http://www.vupen.com/english/advisories/2005/2870	VUPEN	Third Party Advisory
58	http://www.vupen.com/english/advisories/2008/1246/references	VUPEN	Third Party Advisory
59	http://www.vupen.com/english/advisories/2006/4868	VUPEN	Third Party Advisory
60	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449	HP	Broken Link
61	http://marc.info/?l=bugtraq&m=130497311408250&w=2	HP	Mailing List Third Party Advisory
62	http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html	CONFIRM	Third Party Advisory
63	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10480	OVAL	Broken Link
64	http://www.securityfocus.com/archive/1/450321/100/0/threaded	HP	Third Party Advisory VDB Entry
65	http://www.securityfocus.com/archive/1/450315/100/0/threaded	HP	Third Party Advisory VDB Entry
66	http://www.securityfocus.com/archive/1/445206/100/0/threaded	HP	Third Party Advisory VDB Entry
67	http://www.securityfocus.com/archive/1/425399/100/0/threaded	FEDORA	Third Party Advisory VDB Entry
68	https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
69	https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
70	https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
71	https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
72	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
73	https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
74	https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
75	https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
76	https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
77	https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
78	https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
79	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
80	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
81	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

CVE-2006-3918

Summary	http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
Publication Date	July 28, 2006, 9:04 a.m.
Registration Date	Jan. 29, 2021, 3:42 p.m.
Last Update	Nov. 7, 2023, 10:59 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:apache:http_server::::::::		1.3.3			1.3.35

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:debian:debian_linux:3.1:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*

Configuration4	or higher	or less	more than	less than
cpe:2.3:o:redhat:enterprise_linux_server:2.0:::::::*
cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html	BUGTRAQ	Broken Link Exploit
2	http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html	BUGTRAQ	Broken Link Exploit
3	http://svn.apache.org/viewvc?view=rev&revision=394965	CONFIRM	Exploit Vendor Advisory
4	http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631	AIXAPAR	Third Party Advisory
5	http://secunia.com/advisories/21172	SECUNIA	Not Applicable Patch Vendor Advisory
6	http://secunia.com/advisories/21174	SECUNIA	Not Applicable Patch Vendor Advisory
7	http://securitytracker.com/id?1016569	SECTRACK	Broken Link Third Party Advisory VDB Entry
8	http://www-1.ibm.com/support/docview.wss?uid=swg24013080	AIXAPAR	Third Party Advisory
9	http://rhn.redhat.com/errata/RHSA-2006-0618.html	REDHAT	Third Party Advisory
10	http://www.redhat.com/support/errata/RHSA-2006-0619.html	REDHAT	Third Party Advisory
11	http://secunia.com/advisories/21399	SECUNIA	Not Applicable
12	http://secunia.com/advisories/21478	SECUNIA	Not Applicable
13	http://www.debian.org/security/2006/dsa-1167	DEBIAN	Third Party Advisory
14	ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P	SGI	Broken Link
15	http://secunia.com/advisories/21848	SECUNIA	Not Applicable
16	http://secunia.com/advisories/21598	SECUNIA	Not Applicable
17	http://secunia.com/advisories/21744	SECUNIA	Not Applicable
18	http://www.novell.com/linux/security/advisories/2006_51_apache.html	SUSE	Third Party Advisory
19	http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm	CONFIRM	Third Party Advisory
20	http://secunia.com/advisories/21986	SECUNIA	Not Applicable
21	http://rhn.redhat.com/errata/RHSA-2006-0692.html	REDHAT	Third Party Advisory
22	http://secunia.com/advisories/22140	SECUNIA	Not Applicable
23	http://openbsd.org/errata.html#httpd2	OPENBSD	Third Party Advisory
24	http://www.securityfocus.com/bid/19661	BID	Third Party Advisory VDB Entry
25	http://secunia.com/advisories/22317	SECUNIA	Not Applicable
26	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117	CONFIRM	Broken Link
27	http://secunia.com/advisories/22523	SECUNIA	Not Applicable
28	http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html	CONFIRM	Third Party Advisory
29	http://securityreason.com/securityalert/1294	SREASON	Exploit Third Party Advisory
30	http://www.ubuntu.com/usn/usn-575-1	UBUNTU	Third Party Advisory
31	http://secunia.com/advisories/28749	SECUNIA	Not Applicable
32	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html	SUSE	Mailing List Third Party Advisory
33	http://secunia.com/advisories/29640	SECUNIA	Not Applicable
34	http://marc.info/?l=bugtraq&m=125631037611762&w=2	HP	Issue Tracking Mailing List Third Party Advisory
35	http://marc.info/?l=bugtraq&m=129190899612998&w=2	HP	Issue Tracking Mailing List Third Party Advisory
36	http://www.vupen.com/english/advisories/2006/2964	VUPEN	Permissions Required
37	http://www.vupen.com/english/advisories/2006/5089	VUPEN	Permissions Required
38	http://www.vupen.com/english/advisories/2006/3264	VUPEN	Permissions Required
39	http://www.vupen.com/english/advisories/2006/2963	VUPEN	Permissions Required
40	http://www.vupen.com/english/advisories/2006/4207	VUPEN	Permissions Required
41	http://marc.info/?l=bugtraq&m=130497311408250&w=2	HP	Issue Tracking Mailing List Third Party Advisory
42	http://www.vupen.com/english/advisories/2010/1572	VUPEN	Permissions Required
43	http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html	CONFIRM	Third Party Advisory
44	http://www.securitytracker.com/id?1024144	SECTRACK	Broken Link Third Party Advisory VDB Entry
45	http://secunia.com/advisories/40256	SECUNIA	Not Applicable
46	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238	OVAL	Third Party Advisory
47	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352	OVAL	Third Party Advisory
48	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
49	https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
50	https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
51	https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
52	https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
53	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
54	https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
55	https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
56	https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html

CVE-2007-0514

Summary	Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.
Publication Date	Jan. 26, 2007, 9:28 a.m.
Registration Date	Jan. 29, 2021, 2:05 p.m.
Last Update	March 8, 2011, 11:49 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:hitachi:cosminexus_application_server::::::::
cpe:2.3:a:hitachi:cosminexus_application_server:6::enterprise:::::
cpe:2.3:a:hitachi:cosminexus_application_server_version_5::::::::
cpe:2.3:a:hitachi:cosminexus_developer_light_version_6::::::::
cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6::::::::
cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6::::::::
cpe:2.3:a:hitachi:cosminexus_developer_version_5::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_web_edition::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4::::::::
cpe:2.3:a:hitachi:hitachi_web_server::::::::
cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:::enterprise:::::*
cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition::::::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard::::::::
cpe:2.3:a:hitachi:ucosminexus_developer_light::::::::
cpe:2.3:a:hitachi:ucosminexus_developer_standard::::::::
cpe:2.3:a:hitachi:ucosminexus_service_architect::::::::
cpe:2.3:a:hitachi:ucosminexus_service_platform::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://osvdb.org/32997	OSVDB
2	http://osvdb.org/32998	OSVDB
3	http://secunia.com/advisories/23843	SECUNIA
4	http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html	CONFIRM	Patch Vendor Advisory
5	http://www.vupen.com/english/advisories/2007/0326	VUPEN

Common Vulnerabilities List

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:0.9.7:::::::*
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:hitachi:cosminexus_application_server::::::::
cpe:2.3:a:hitachi:cosminexus_application_server:6::enterprise:::::
cpe:2.3:a:hitachi:cosminexus_application_server_version_5::::::::
cpe:2.3:a:hitachi:cosminexus_developer_light_version_6::::::::
cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6::::::::
cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6::::::::
cpe:2.3:a:hitachi:cosminexus_developer_version_5::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_web_edition::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4::::::::
cpe:2.3:a:hitachi:hitachi_web_server::::::::
cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:::enterprise:::::*
cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition::::::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard::::::::
cpe:2.3:a:hitachi:ucosminexus_developer_light::::::::
cpe:2.3:a:hitachi:ucosminexus_developer_standard::::::::
cpe:2.3:a:hitachi:ucosminexus_service_architect::::::::
cpe:2.3:a:hitachi:ucosminexus_service_platform::::::::