製品・ソフトウェアに関する情報

JVN脆弱性詳細

Hitachi Web ServerのSSLクライアント認証における脆弱性

Title	Hitachi Web ServerのSSLクライアント認証における脆弱性
Summary	SSLクライアント認証において，Webサーバに接続しようとしているクライアントが送付するクライアント証明書が不正なものであっても，不当に正しい証明書として検証してしまう脆弱性が存在します。本脆弱性は、クライアント認証の機能を使用していない場合は影響を受けない事がベンダより報告されています。
Possible impacts	第三者によって不正な証明書を用いてアクセスされる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 5, 2007, midnight
Registration Date	Oct. 23, 2007, 3:55 p.m.
Last Update	May 23, 2014, 6:32 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected System

日立

Cosminexus Application Server Enterprise Version 6

Cosminexus Application Server Standard Version 6

Cosminexus Application Server Version 5

Cosminexus Developer Light Version 6

Cosminexus Developer Professional Version 6

Cosminexus Developer Standard Version 6

Cosminexus Developer Version 5

Cosminexus Server - Enterprise Edition

Cosminexus Server - Standard Edition

Cosminexus Server - Standard Edition Version 4

Cosminexus Server - Web Edition

Cosminexus Server - Web Edition Version 4

Hitachi Web Server

uCosminexus Application Server Enterprise

uCosminexus Application Server Standard

uCosminexus Developer Professional

uCosminexus Developer Light

uCosminexus Developer Standard

uCosminexus Service Architect

uCosminexus Service Platform

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2006-4339	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
2	CVE-2007-5810	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5810
National Vulnerability Database (NVD)
3	CVE-2006-4339	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4339
4	CVE-2007-5810	http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5810

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Hitachi Software Vulnerability Information
1	HS07-034	http://www.hitachi-support.com/security_e/vuls_e/HS07-034_e/index-e.html
ソフトウェア製品セキュリティ情報
2	HS07-034	http://www.hitachi-support.com/security/vuls/HS07-034/index.html

その他

No	Name	URL
FrSIRT Advisories
1	FrSIRT/ADV-2007-3666	http://www.frsirt.com/english/advisories/2007/3666
ISS X-Force Database
2	28755	http://xforce.iss.net/xforce/xfdb/28755
Secunia Advisory
3	SA27421	http://secunia.com/advisories/27421

Change Log

No	Changed Details	Date of change
0	[2007年10月23日] 掲載 [2014年05月23日] 参考情報：Common Vulnerabilities and Exposures (CVE) (CVE-2006-4339) を追加参考情報：National Vulnerability Database (NVD) (CVE-2006-43394) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2006-4339

Summary	OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents OpenSSL from correctly verifying X.509 and other certificates that use PKCS #1.
Publication Date	Sept. 6, 2006, 2:04 a.m.
Registration Date	Jan. 29, 2021, 3:44 p.m.
Last Update	Oct. 18, 2018, 6:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
cpe:2.3:a:openssl:openssl:0.9.3:::::::*
cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
cpe:2.3:a:openssl:openssl:0.9.4:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
cpe:2.3:a:openssl:openssl::::::::		0.9.7
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	ftp://patches.sgi.com/support/free/security/advisories/20060901-01-P.asc	SGI
2	http://dev2dev.bea.com/pub/advisory/238	BEA
3	http://docs.info.apple.com/article.html?artnum=304829	CONFIRM
4	http://docs.info.apple.com/article.html?artnum=307177	MISC
5	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c01070495	HP
6	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771	HP
7	http://itrc.hp.com/service/cki/docDisplay.do?docId=c00849540	HP
8	http://jvn.jp/en/jp/JVN51615542/index.html	JVN
9	http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-000079.html	JVNDB
10	http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html	APPLE
11	http://lists.apple.com/archives/Security-announce/2007/Dec/msg00001.html	APPLE
12	http://lists.vmware.com/pipermail/security-announce/2008/000008.html	MLIST
13	http://marc.info/?l=bind-announce&m=116253119512445&w=2	MLIST
14	http://marc.info/?l=bugtraq&m=130497311408250&w=2	HP
15	http://openvpn.net/changelog.html	CONFIRM
16	http://secunia.com/advisories/21709	SECUNIA	Patch Vendor Advisory
17	http://secunia.com/advisories/21767	SECUNIA	Vendor Advisory
18	http://secunia.com/advisories/21776	SECUNIA	Vendor Advisory
19	http://secunia.com/advisories/21778	SECUNIA	Vendor Advisory
20	http://secunia.com/advisories/21785	SECUNIA	Vendor Advisory
21	http://secunia.com/advisories/21791	SECUNIA	Vendor Advisory
22	http://secunia.com/advisories/21812	SECUNIA	Vendor Advisory
23	http://secunia.com/advisories/21823	SECUNIA	Vendor Advisory
24	http://secunia.com/advisories/21846	SECUNIA	Vendor Advisory
25	http://secunia.com/advisories/21852	SECUNIA	Vendor Advisory
26	http://secunia.com/advisories/21870	SECUNIA	Vendor Advisory
27	http://secunia.com/advisories/21873	SECUNIA	Vendor Advisory
28	http://secunia.com/advisories/21906	SECUNIA	Vendor Advisory
29	http://secunia.com/advisories/21927	SECUNIA	Vendor Advisory
30	http://secunia.com/advisories/21930	SECUNIA	Vendor Advisory
31	http://secunia.com/advisories/21982	SECUNIA	Vendor Advisory
32	http://secunia.com/advisories/22036	SECUNIA	Vendor Advisory
33	http://secunia.com/advisories/22044	SECUNIA
34	http://secunia.com/advisories/22066	SECUNIA
35	http://secunia.com/advisories/22161	SECUNIA	Vendor Advisory
36	http://secunia.com/advisories/22226	SECUNIA	Vendor Advisory
37	http://secunia.com/advisories/22232	SECUNIA	Vendor Advisory
38	http://secunia.com/advisories/22259	SECUNIA	Vendor Advisory
39	http://secunia.com/advisories/22260	SECUNIA	Vendor Advisory
40	http://secunia.com/advisories/22284	SECUNIA
41	http://secunia.com/advisories/22325	SECUNIA
42	http://secunia.com/advisories/22446	SECUNIA
43	http://secunia.com/advisories/22509	SECUNIA
44	http://secunia.com/advisories/22513	SECUNIA
45	http://secunia.com/advisories/22523	SECUNIA
46	http://secunia.com/advisories/22545	SECUNIA
47	http://secunia.com/advisories/22585	SECUNIA
48	http://secunia.com/advisories/22671	SECUNIA
49	http://secunia.com/advisories/22689	SECUNIA
50	http://secunia.com/advisories/22711	SECUNIA
51	http://secunia.com/advisories/22733	SECUNIA
52	http://secunia.com/advisories/22758	SECUNIA
53	http://secunia.com/advisories/22799	SECUNIA
54	http://secunia.com/advisories/22932	SECUNIA
55	http://secunia.com/advisories/22934	SECUNIA
56	http://secunia.com/advisories/22936	SECUNIA
57	http://secunia.com/advisories/22937	SECUNIA
58	http://secunia.com/advisories/22938	SECUNIA
59	http://secunia.com/advisories/22939	SECUNIA
60	http://secunia.com/advisories/22940	SECUNIA
61	http://secunia.com/advisories/22948	SECUNIA
62	http://secunia.com/advisories/22949	SECUNIA
63	http://secunia.com/advisories/23155	SECUNIA
64	http://secunia.com/advisories/23455	SECUNIA
65	http://secunia.com/advisories/23680	SECUNIA
66	http://secunia.com/advisories/23794	SECUNIA
67	http://secunia.com/advisories/23841	SECUNIA
68	http://secunia.com/advisories/23915	SECUNIA
69	http://secunia.com/advisories/24099	SECUNIA
70	http://secunia.com/advisories/24930	SECUNIA
71	http://secunia.com/advisories/24950	SECUNIA
72	http://secunia.com/advisories/25284	SECUNIA
73	http://secunia.com/advisories/25399	SECUNIA
74	http://secunia.com/advisories/25649	SECUNIA
75	http://secunia.com/advisories/26329	SECUNIA
76	http://secunia.com/advisories/26893	SECUNIA
77	http://secunia.com/advisories/28115	SECUNIA
78	http://secunia.com/advisories/31492	SECUNIA
79	http://secunia.com/advisories/38567	SECUNIA
80	http://secunia.com/advisories/38568	SECUNIA
81	http://secunia.com/advisories/41818	SECUNIA
82	http://secunia.com/advisories/60799	SECUNIA
83	http://security.freebsd.org/advisories/FreeBSD-SA-06:19.openssl.asc	FREEBSD
84	http://security.gentoo.org/glsa/glsa-200609-05.xml	GENTOO
85	http://security.gentoo.org/glsa/glsa-200609-18.xml	GENTOO
86	http://securitytracker.com/id?1016791	SECTRACK
87	http://securitytracker.com/id?1017522	SECTRACK
88	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.566955	SLACKWARE
89	http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.605306	SLACKWARE
90	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102648-1	SUNALERT
91	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102656-1	SUNALERT
92	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102657-1	SUNALERT
93	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102686-1	SUNALERT
94	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102696-1	SUNALERT
95	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102722-1	SUNALERT
96	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102744-1	SUNALERT
97	http://sunsolve.sun.com/search/document.do?assetkey=1-26-102759-1	SUNALERT
98	http://sunsolve.sun.com/search/document.do?assetkey=1-66-200708-1	SUNALERT
99	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201247-1	SUNALERT
100	http://sunsolve.sun.com/search/document.do?assetkey=1-66-201534-1	SUNALERT
101	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000148.1-1	SUNALERT
102	http://support.attachmate.com/techdocs/2127.html	CONFIRM
103	http://support.attachmate.com/techdocs/2128.html	CONFIRM
104	http://support.attachmate.com/techdocs/2137.html	CONFIRM
105	http://support.avaya.com/elmodocs2/security/ASA-2006-188.htm	CONFIRM
106	http://www.arkoon.fr/upload/alertes/40AK-2006-04-FR-1.1_SSL360_OPENSSL_RSA.pdf	CONFIRM
107	http://www.bluecoat.com/support/knowledge/openSSL_RSA_Signature_forgery.html	CONFIRM
108	http://www.cisco.com/en/US/products/hw/contnetw/ps4162/tsd_products_security_response09186a008077af1b.html	CISCO
109	http://www.cisco.com/warp/public/707/cisco-sr-20061108-openssl.shtml	CISCO
110	http://www.debian.org/security/2006/dsa-1174	DEBIAN	Patch
111	http://www.gentoo.org/security/en/glsa/glsa-200610-06.xml	GENTOO
112	http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml	GENTOO
113	http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html	MLIST
114	http://www.kb.cert.org/vuls/id/845620	CERT-VN	US Government Resource
115	http://www.mandriva.com/security/advisories?name=MDKSA-2006:161	MANDRIVA
116	http://www.mandriva.com/security/advisories?name=MDKSA-2006:177	MANDRIVA
117	http://www.mandriva.com/security/advisories?name=MDKSA-2006:178	MANDRIVA
118	http://www.mandriva.com/security/advisories?name=MDKSA-2006:207	MANDRIVA
119	http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/	MISC
120	http://www.novell.com/linux/security/advisories/2006_26_sr.html	SUSE
121	http://www.novell.com/linux/security/advisories/2006_55_ssl.html	SUSE
122	http://www.novell.com/linux/security/advisories/2006_61_opera.html	SUSE
123	http://www.novell.com/linux/security/advisories/2007_10_ibmjava.html	SUSE
124	http://www.openbsd.org/errata.html	OPENBSD
125	http://www.openoffice.org/security/cves/CVE-2006-4339.html	CONFIRM
126	http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.018.html	OPENPKG
127	http://www.openpkg.org/security/advisories/OpenPKG-SA-2006.029-bind.html	OPENPKG
128	http://www.openssl.org/news/secadv_20060905.txt	CONFIRM	Patch Vendor Advisory
129	http://www.opera.com/support/search/supsearch.dml?index=845	CONFIRM
130	http://www.oracle.com/technetwork/topics/security/cpujan2007-101493.html	CONFIRM
131	http://www.osvdb.org/28549	OSVDB
132	http://www.redhat.com/support/errata/RHSA-2006-0661.html	REDHAT	Vendor Advisory
133	http://www.redhat.com/support/errata/RHSA-2007-0062.html	REDHAT
134	http://www.redhat.com/support/errata/RHSA-2007-0072.html	REDHAT
135	http://www.redhat.com/support/errata/RHSA-2007-0073.html	REDHAT
136	http://www.redhat.com/support/errata/RHSA-2008-0629.html	REDHAT
137	http://www.securityfocus.com/archive/1/445231/100/0/threaded	BUGTRAQ
138	http://www.securityfocus.com/archive/1/445822/100/0/threaded	BUGTRAQ
139	http://www.securityfocus.com/archive/1/450327/100/0/threaded	HP
140	http://www.securityfocus.com/archive/1/456546/100/200/threaded	BUGTRAQ
141	http://www.securityfocus.com/archive/1/489739/100/0/threaded	BUGTRAQ
142	http://www.securityfocus.com/bid/19849	BID	Patch
143	http://www.securityfocus.com/bid/22083	BID
144	http://www.securityfocus.com/bid/28276	BID
145	http://www.serv-u.com/releasenotes/	CONFIRM
146	http://www.sybase.com/detail?id=1047991	CONFIRM
147	http://www.ubuntu.com/usn/usn-339-1	UBUNTU	Patch
148	http://www.us.debian.org/security/2006/dsa-1173	DEBIAN	Patch
149	http://www.us-cert.gov/cas/techalerts/TA06-333A.html	CERT	US Government Resource
150	http://www.vmware.com/security/advisories/VMSA-2008-0005.html	CONFIRM
151	http://www.vmware.com/support/ace2/doc/releasenotes_ace2.html	CONFIRM
152	http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html	CONFIRM
153	http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html	CONFIRM
154	http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html	CONFIRM
155	http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html	CONFIRM
156	http://www.vmware.com/support/player/doc/releasenotes_player.html	CONFIRM
157	http://www.vmware.com/support/player2/doc/releasenotes_player2.html	CONFIRM
158	http://www.vmware.com/support/server/doc/releasenotes_server.html	CONFIRM
159	http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html	CONFIRM
160	http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html	CONFIRM
161	http://www.vmware.com/support/ws55/doc/releasenotes_ws55.html	CONFIRM
162	http://www.vmware.com/support/ws6/doc/releasenotes_ws6.html	CONFIRM
163	http://www.vupen.com/english/advisories/2006/3453	VUPEN
164	http://www.vupen.com/english/advisories/2006/3566	VUPEN
165	http://www.vupen.com/english/advisories/2006/3730	VUPEN
166	http://www.vupen.com/english/advisories/2006/3748	VUPEN
167	http://www.vupen.com/english/advisories/2006/3793	VUPEN
168	http://www.vupen.com/english/advisories/2006/3899	VUPEN
169	http://www.vupen.com/english/advisories/2006/3936	VUPEN
170	http://www.vupen.com/english/advisories/2006/4205	VUPEN
171	http://www.vupen.com/english/advisories/2006/4206	VUPEN
172	http://www.vupen.com/english/advisories/2006/4207	VUPEN
173	http://www.vupen.com/english/advisories/2006/4216	VUPEN
174	http://www.vupen.com/english/advisories/2006/4327	VUPEN
175	http://www.vupen.com/english/advisories/2006/4329	VUPEN
176	http://www.vupen.com/english/advisories/2006/4366	VUPEN
177	http://www.vupen.com/english/advisories/2006/4417	VUPEN
178	http://www.vupen.com/english/advisories/2006/4586	VUPEN
179	http://www.vupen.com/english/advisories/2006/4744	VUPEN
180	http://www.vupen.com/english/advisories/2006/4750	VUPEN
181	http://www.vupen.com/english/advisories/2006/5146	VUPEN
182	http://www.vupen.com/english/advisories/2007/0254	VUPEN
183	http://www.vupen.com/english/advisories/2007/0343	VUPEN
184	http://www.vupen.com/english/advisories/2007/1401	VUPEN
185	http://www.vupen.com/english/advisories/2007/1815	VUPEN
186	http://www.vupen.com/english/advisories/2007/1945	VUPEN
187	http://www.vupen.com/english/advisories/2007/2163	VUPEN
188	http://www.vupen.com/english/advisories/2007/2315	VUPEN
189	http://www.vupen.com/english/advisories/2007/2783	VUPEN
190	http://www.vupen.com/english/advisories/2007/4224	VUPEN
191	http://www.vupen.com/english/advisories/2008/0905/references	VUPEN
192	http://www.vupen.com/english/advisories/2010/0366	VUPEN
193	http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=c00771742	HP
194	http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117	CONFIRM
195	https://exchange.xforce.ibmcloud.com/vulnerabilities/28755	XF
196	https://issues.rpath.com/browse/RPL-1633	CONFIRM
197	https://issues.rpath.com/browse/RPL-616	CONFIRM
198	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11656	OVAL
199	https://secure-support.novell.com/KanisaPlatform/Publishing/41/3143224_f.SAL_Public.html	CONFIRM
200	https://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00967144	HP

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-310	暗号の問題	https://cwe.mitre.org/data/definitions/310.html

CVE-2007-5810

Summary	Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature.
Summary	Hitachi Web Server 01-00 hasta 03-00-01, tal y como se usa en determinados productos Cosminexus, no valida apropiadamente certificados SSL cliente, lo cual podría permitir a atacantes remotos suplantar autenticación mediante un certificado cliente con una firma falsificada.
Publication Date	Nov. 6, 2007, 2:46 a.m.
Registration Date	Jan. 29, 2021, 2:23 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:hitachi:cosminexus_application_server_enterprise::::::::		06_51_j
cpe:2.3:a:hitachi:cosminexus_application_server_standard::::::::		06_51_j
cpe:2.3:a:hitachi:cosminexus_developer_light_version_6::::::::		06_51_j
cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6::::::::		06_51_j
cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6::::::::		06_51_j
cpe:2.3:a:hitachi:cosminexus_server::::::::		04_01
cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise::::::::		07_50_01
cpe:2.3:a:hitachi:ucosminexus_application_server_standard::::::::		07_50_01
cpe:2.3:a:hitachi:ucosminexus_developer_light::::::::		06_71_d
cpe:2.3:a:hitachi:ucosminexus_developer_professional::::::::		07_50_01
cpe:2.3:a:hitachi:ucosminexus_developer_standard::::::::		07_50_01
cpe:2.3:a:hitachi:ucosminexus_service_architect::::::::		07_50_01
cpe:2.3:a:hitachi:ucosminexus_service_platform::::::::		07_50_01
cpe:2.3:a:hitachi:web_server:01_00::hpux:::::
cpe:2.3:a:hitachi:web_server:01_00::solaris:::::
cpe:2.3:a:hitachi:web_server:01_01::aix:::::
cpe:2.3:a:hitachi:web_server:01_01::linux:::::
cpe:2.3:a:hitachi:web_server:01_01::turbolinux:::::
cpe:2.3:a:hitachi:web_server:01_01_d::linux:::::
cpe:2.3:a:hitachi:web_server:01_02_d::hpux:::::
cpe:2.3:a:hitachi:web_server:01_02_d::solaris:::::
cpe:2.3:a:hitachi:web_server:01_02_e::aix:::::
cpe:2.3:a:hitachi:web_server:02_00::aix:::::
cpe:2.3:a:hitachi:web_server:02_00::hpux:::::
cpe:2.3:a:hitachi:web_server:02_00::linux:::::
cpe:2.3:a:hitachi:web_server:02_00::solaris:::::
cpe:2.3:a:hitachi:web_server:02_00::turbolinux:::::
cpe:2.3:a:hitachi:web_server:02_00::windows:::::
cpe:2.3:a:hitachi:web_server:02_00_a::linux:::::
cpe:2.3:a:hitachi:web_server:02_02::hpux:::::
cpe:2.3:a:hitachi:web_server:02_02::hpux\(ipf\):::::
cpe:2.3:a:hitachi:web_server:02_02::linux:::::
cpe:2.3:a:hitachi:web_server:02_04_b::aix:::::
cpe:2.3:a:hitachi:web_server:02_04_b::hpux:::::
cpe:2.3:a:hitachi:web_server:02_04_b::hpux\(ipf\):::::
cpe:2.3:a:hitachi:web_server:02_04_b::solaris:::::
cpe:2.3:a:hitachi:web_server:02_04_b::windows:::::
cpe:2.3:a:hitachi:web_server:02_06_a::linux:::::
cpe:2.3:a:hitachi:web_server:03_00::aix:::::
cpe:2.3:a:hitachi:web_server:03_00::hpux\(ipf\):::::
cpe:2.3:a:hitachi:web_server:03_00::linux:::::
cpe:2.3:a:hitachi:web_server:03_00::windows:::::
cpe:2.3:a:hitachi:web_server:03_00_01::solaris:::::
cpe:2.3:a:hitachi:web_server:03_00_01::windows:::::

Related information, measures and tools

No	URL	refsource
1	http://osvdb.org/42026	cve@mitre.org
2	http://secunia.com/advisories/27421	cve@mitre.org
3	http://www.hitachi-support.com/security_e/vuls_e/HS07-034_e/index-e.html	cve@mitre.org
4	http://www.securityfocus.com/bid/26271	cve@mitre.org
5	http://www.vupen.com/english/advisories/2007/3666	cve@mitre.org
6	http://osvdb.org/42026	af854a3a-2127-422b-91ae-364da2661108
7	http://secunia.com/advisories/27421	af854a3a-2127-422b-91ae-364da2661108
8	http://www.hitachi-support.com/security_e/vuls_e/HS07-034_e/index-e.html	af854a3a-2127-422b-91ae-364da2661108
9	http://www.securityfocus.com/bid/26271	af854a3a-2127-422b-91ae-364da2661108
10	http://www.vupen.com/english/advisories/2007/3666	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:openssl:openssl:0.9.1c:::::::*
cpe:2.3:a:openssl:openssl:0.9.2b:::::::*
cpe:2.3:a:openssl:openssl:0.9.3:::::::*
cpe:2.3:a:openssl:openssl:0.9.3a:::::::*
cpe:2.3:a:openssl:openssl:0.9.4:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:::::::*
cpe:2.3:a:openssl:openssl:0.9.5:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.5a:::::::*
cpe:2.3:a:openssl:openssl:0.9.5a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.5a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:::::::*
cpe:2.3:a:openssl:openssl:0.9.6:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6a:::::::*
cpe:2.3:a:openssl:openssl:0.9.6a:beta1::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta2::::::
cpe:2.3:a:openssl:openssl:0.9.6a:beta3::::::
cpe:2.3:a:openssl:openssl:0.9.6b:::::::*
cpe:2.3:a:openssl:openssl:0.9.6c:::::::*
cpe:2.3:a:openssl:openssl:0.9.6d:::::::*
cpe:2.3:a:openssl:openssl:0.9.6e:::::::*
cpe:2.3:a:openssl:openssl:0.9.6f:::::::*
cpe:2.3:a:openssl:openssl:0.9.6g:::::::*
cpe:2.3:a:openssl:openssl:0.9.6h:::::::*
cpe:2.3:a:openssl:openssl:0.9.6i:::::::*
cpe:2.3:a:openssl:openssl:0.9.6j:::::::*
cpe:2.3:a:openssl:openssl:0.9.6k:::::::*
cpe:2.3:a:openssl:openssl:0.9.6l:::::::*
cpe:2.3:a:openssl:openssl:0.9.6m:::::::*
cpe:2.3:a:openssl:openssl::::::::		0.9.7
cpe:2.3:a:openssl:openssl:0.9.7a:::::::*
cpe:2.3:a:openssl:openssl:0.9.7b:::::::*
cpe:2.3:a:openssl:openssl:0.9.7c:::::::*
cpe:2.3:a:openssl:openssl:0.9.7d:::::::*
cpe:2.3:a:openssl:openssl:0.9.7e:::::::*
cpe:2.3:a:openssl:openssl:0.9.7f:::::::*
cpe:2.3:a:openssl:openssl:0.9.7g:::::::*
cpe:2.3:a:openssl:openssl:0.9.7h:::::::*
cpe:2.3:a:openssl:openssl:0.9.7i:::::::*
cpe:2.3:a:openssl:openssl:0.9.7j:::::::*
cpe:2.3:a:openssl:openssl:0.9.8:::::::*
cpe:2.3:a:openssl:openssl:0.9.8a:::::::*
cpe:2.3:a:openssl:openssl:0.9.8b:::::::*

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:hitachi:cosminexus_application_server_enterprise::::::::		06_51_j
cpe:2.3:a:hitachi:cosminexus_application_server_standard::::::::		06_51_j
cpe:2.3:a:hitachi:cosminexus_developer_light_version_6::::::::		06_51_j
cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6::::::::		06_51_j
cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6::::::::		06_51_j
cpe:2.3:a:hitachi:cosminexus_server::::::::		04_01
cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise::::::::		07_50_01
cpe:2.3:a:hitachi:ucosminexus_application_server_standard::::::::		07_50_01
cpe:2.3:a:hitachi:ucosminexus_developer_light::::::::		06_71_d
cpe:2.3:a:hitachi:ucosminexus_developer_professional::::::::		07_50_01
cpe:2.3:a:hitachi:ucosminexus_developer_standard::::::::		07_50_01
cpe:2.3:a:hitachi:ucosminexus_service_architect::::::::		07_50_01
cpe:2.3:a:hitachi:ucosminexus_service_platform::::::::		07_50_01
cpe:2.3:a:hitachi:web_server:01_00::hpux:::::
cpe:2.3:a:hitachi:web_server:01_00::solaris:::::
cpe:2.3:a:hitachi:web_server:01_01::aix:::::
cpe:2.3:a:hitachi:web_server:01_01::linux:::::
cpe:2.3:a:hitachi:web_server:01_01::turbolinux:::::
cpe:2.3:a:hitachi:web_server:01_01_d::linux:::::
cpe:2.3:a:hitachi:web_server:01_02_d::hpux:::::
cpe:2.3:a:hitachi:web_server:01_02_d::solaris:::::
cpe:2.3:a:hitachi:web_server:01_02_e::aix:::::
cpe:2.3:a:hitachi:web_server:02_00::aix:::::
cpe:2.3:a:hitachi:web_server:02_00::hpux:::::
cpe:2.3:a:hitachi:web_server:02_00::linux:::::
cpe:2.3:a:hitachi:web_server:02_00::solaris:::::
cpe:2.3:a:hitachi:web_server:02_00::turbolinux:::::
cpe:2.3:a:hitachi:web_server:02_00::windows:::::
cpe:2.3:a:hitachi:web_server:02_00_a::linux:::::
cpe:2.3:a:hitachi:web_server:02_02::hpux:::::
cpe:2.3:a:hitachi:web_server:02_02::hpux\(ipf\):::::
cpe:2.3:a:hitachi:web_server:02_02::linux:::::
cpe:2.3:a:hitachi:web_server:02_04_b::aix:::::
cpe:2.3:a:hitachi:web_server:02_04_b::hpux:::::
cpe:2.3:a:hitachi:web_server:02_04_b::hpux\(ipf\):::::
cpe:2.3:a:hitachi:web_server:02_04_b::solaris:::::
cpe:2.3:a:hitachi:web_server:02_04_b::windows:::::
cpe:2.3:a:hitachi:web_server:02_06_a::linux:::::
cpe:2.3:a:hitachi:web_server:03_00::aix:::::
cpe:2.3:a:hitachi:web_server:03_00::hpux\(ipf\):::::
cpe:2.3:a:hitachi:web_server:03_00::linux:::::
cpe:2.3:a:hitachi:web_server:03_00::windows:::::
cpe:2.3:a:hitachi:web_server:03_00_01::solaris:::::
cpe:2.3:a:hitachi:web_server:03_00_01::windows:::::