製品・ソフトウェアに関する情報

JVN脆弱性詳細

Hosting Controller の IIS/iibind.asp における任意の hosts のヘッダーを変更される脆弱性

Title	Hosting Controller の IIS/iibind.asp における任意の hosts のヘッダーを変更される脆弱性
Summary	Hosting Controller の IIS/iibind.asp には、hosts のヘッダーを変更される脆弱性が存在します。
Possible impacts	リモート認証されたユーザにより、パラメータを介して、hosts のヘッダを変更される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Dec. 20, 2007, midnight
Registration Date	Sept. 25, 2012, 4:59 p.m.
Last Update	Sept. 25, 2012, 4:59 p.m.

Affected System

hosting controller

hosting controller 6.1 Hot fix 3.3 およびそれ以前

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-6504	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6504
National Vulnerability Database (NVD)
2	CVE-2007-6504	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6504

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
hosting controller
1	HC6.1: Release Notes for Post Hotfix 3.3 Security Patch	http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-6504

Summary	Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote authenticated users to change the headers of arbitrary hosts via an unspecified parameter.
Summary	Vulnerabilidad no especificada en IIS/iibind.asp de Hosting Controller 6.1 Hot fix 3.3. y anteriores permite a usuarios autenticados remotamente cambiar las cabeceras de anfitriones de su elección mediante un parámetro no especificado.
Publication Date	Dec. 21, 2007, 5:46 a.m.
Registration Date	Jan. 29, 2021, 2:25 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:a:hosting_controller:hosting_controller::::::::			6.1_hotfix_3.3

Related information, measures and tools

No	URL	refsource
1	http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html	cve@mitre.org
2	http://secunia.com/advisories/28973	cve@mitre.org
3	http://securitytracker.com/id?1019222	cve@mitre.org
4	http://www.securityfocus.com/archive/1/485028/100/0/threaded	cve@mitre.org
5	http://www.securityfocus.com/bid/26862	cve@mitre.org
6	https://exchange.xforce.ibmcloud.com/vulnerabilities/39048	cve@mitre.org
7	https://www.exploit-db.com/exploits/4730	cve@mitre.org
8	http://hostingcontroller.com/english/logs/Post-Hotfix-3_3-sec-Patch-ReleaseNotes.html	af854a3a-2127-422b-91ae-364da2661108
9	http://secunia.com/advisories/28973	af854a3a-2127-422b-91ae-364da2661108
10	http://securitytracker.com/id?1019222	af854a3a-2127-422b-91ae-364da2661108
11	http://www.securityfocus.com/archive/1/485028/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
12	http://www.securityfocus.com/bid/26862	af854a3a-2127-422b-91ae-364da2661108
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/39048	af854a3a-2127-422b-91ae-364da2661108
14	https://www.exploit-db.com/exploits/4730	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html