NVD Vulnerability Detail

CVE-2007-0514

Summary	Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.
Publication Date	Jan. 26, 2007, 9:28 a.m.
Registration Date	Jan. 29, 2021, 2:05 p.m.
Last Update	March 8, 2011, 11:49 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:hitachi:cosminexus_application_server::::::::
cpe:2.3:a:hitachi:cosminexus_application_server:6::enterprise:::::
cpe:2.3:a:hitachi:cosminexus_application_server_version_5::::::::
cpe:2.3:a:hitachi:cosminexus_developer_light_version_6::::::::
cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6::::::::
cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6::::::::
cpe:2.3:a:hitachi:cosminexus_developer_version_5::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_web_edition::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4::::::::
cpe:2.3:a:hitachi:hitachi_web_server::::::::
cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:::enterprise:::::*
cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition::::::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard::::::::
cpe:2.3:a:hitachi:ucosminexus_developer_light::::::::
cpe:2.3:a:hitachi:ucosminexus_developer_standard::::::::
cpe:2.3:a:hitachi:ucosminexus_service_architect::::::::
cpe:2.3:a:hitachi:ucosminexus_service_platform::::::::

Related information, measures and tools

No	URL	refsource	タグ
1	http://osvdb.org/32997	OSVDB
2	http://osvdb.org/32998	OSVDB
3	http://secunia.com/advisories/23843	SECUNIA
4	http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html	CONFIRM	Patch Vendor Advisory
5	http://www.vupen.com/english/advisories/2007/0326	VUPEN

Common Vulnerabilities List

JVN Vulnerability Information

** 削除 ** 複数の Hitachi Web サーバなどにおけるクロスサイトスクリプティングの脆弱性

Title	削除複数の Hitachi Web サーバなどにおけるクロスサイトスクリプティングの脆弱性
Summary	削除本案件は、CVE-2005-2969、CVE-2005-3352、CVE-2006-3918 の内容 (いずれも日立ベンダ情報 HS06-022) と重複していることが判明したため削除されました。CVE-2005-2969、CVE-2005-3352、CVE-2006-3918 を参照してください。 JVNDB-2005-000601 (CVE-2005-2969) http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000601.html JVNDB-2005-000727 (CVE-2005-3352) http://jvndb.jvn.jp/ja/contents/2005/JVNDB-2005-000727.html JVNDB-2006-000441 (CVE-2006-3918) http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-000441.html 複数の Hitachi Web サーバ、uCosminexus、および Cosminexus 製品には、クロスサイトスクリプティングの脆弱性が存在します。
Possible impacts	第三者により、(1) HTTP Expect ヘッダ、または (2) イメージマップを介して、任意の Web スクリプトまたは HTML を挿入される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Jan. 24, 2007, midnight
Registration Date	Sept. 25, 2012, 4:47 p.m.
Last Update	Sept. 25, 2012, 4:47 p.m.

Affected System

日立

Cosminexus Application Server 20070124 未満

Cosminexus Application Server Version 5 20070124 未満

Cosminexus Developer Light Version 6 20070124 未満

Cosminexus Developer Professional Version 6 20070124 未満

Cosminexus Developer Standard Version 6 20070124 未満

Cosminexus Developer Version 5 20070124 未満

Cosminexus Server - Enterprise Edition 20070124 未満

Cosminexus Server - Standard Edition 20070124 未満

Cosminexus Server - Standard Edition Version 4 20070124 未満

Cosminexus Server - Web Edition 20070124 未満

Cosminexus Server - Web Edition Version 4 20070124 未満

Hitachi Web Server 20070124 未満

uCosminexus Application Server Enterprise 20070124 未満

uCosminexus Application Server Smart Edition 20070124 未満

uCosminexus Application Server Standard 20070124 未満

uCosminexus Developer Light 20070124 未満

uCosminexus Developer Standard 20070124 未満

uCosminexus Service Architect 20070124 未満

uCosminexus Service Platform 20070124 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-0514	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0514
National Vulnerability Database (NVD)
2	CVE-2007-0514	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0514

ベンダー情報

No	Name	URL
Hitachi
1	HS06-022	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS06-022/index.html

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載 [2014年05月22日] 概要に記載の理由により削除扱いに変更	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:hitachi:cosminexus_application_server::::::::
cpe:2.3:a:hitachi:cosminexus_application_server:6::enterprise:::::
cpe:2.3:a:hitachi:cosminexus_application_server_version_5::::::::
cpe:2.3:a:hitachi:cosminexus_developer_light_version_6::::::::
cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6::::::::
cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6::::::::
cpe:2.3:a:hitachi:cosminexus_developer_version_5::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_web_edition::::::::
cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4::::::::
cpe:2.3:a:hitachi:hitachi_web_server::::::::
cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:::enterprise:::::*
cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition::::::::
cpe:2.3:a:hitachi:ucosminexus_application_server_standard::::::::
cpe:2.3:a:hitachi:ucosminexus_developer_light::::::::
cpe:2.3:a:hitachi:ucosminexus_developer_standard::::::::
cpe:2.3:a:hitachi:ucosminexus_service_architect::::::::
cpe:2.3:a:hitachi:ucosminexus_service_platform::::::::