製品・ソフトウェアに関する情報

JVN脆弱性詳細

Hitachi Web Server のステータス情報表示機能におけるクロスサイトスクリプティング脆弱性

タイトル	Hitachi Web Server のステータス情報表示機能におけるクロスサイトスクリプティング脆弱性
概要	Hitachi Web Server のステータス情報表示機能には、クロスサイトスクリプティングの脆弱性があります。
想定される影響	攻撃者に不正なスクリプトを含むリクエストを送信されることにより、クロスサイトスクリプティング攻撃を受ける可能性があります。ステータス情報表示機能を使用していない場合は，本脆弱性は発生しません。
対策	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
公表日	2008年7月4日0:00
登録日	2008年7月28日12:26
最終更新日	2014年5月21日18:18

CVSS2.0 : 警告
スコア	4.3
ベクター	AV:N/AC:M/Au:N/C:N/I:P/A:N

影響を受けるシステム

日立

Cosminexus Application Server Enterprise Version 6

Cosminexus Application Server Standard Version 6

Cosminexus Application Server Version 5

Cosminexus Developer Light Version 6

Cosminexus Developer Professional Version 6

Cosminexus Developer Standard Version 6

Cosminexus Developer Version 5

Cosminexus Server - Enterprise Edition

Cosminexus Server - Standard Edition

Cosminexus Server - Standard Edition Version 4

Cosminexus Server - Web Edition

Cosminexus Server - Web Edition Version 4

Hitachi Web Server

uCosminexus Application Server Enterprise

uCosminexus Application Server Standard

uCosminexus Developer Light

uCosminexus Developer Professional

uCosminexus Developer Standard

uCosminexus Service Architect

uCosminexus Service Platform

CVE (情報セキュリティ共通脆弱性識別子)

No	名前	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-6388	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
National Vulnerability Database (NVD)
2	CVE-2007-6388	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6388

CWE (共通脆弱性タイプ一覧)

No	名前	URL
JVNDB
1	CWE-79	https://jvndb.jvn.jp/ja/cwe/CWE-79.html

ベンダー情報

No	名前	URL
Hitachi Software Vulnerability Information
1	HS08-016	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS08-016/index.html
ソフトウェア製品セキュリティ情報
2	HS08-016	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS08-016/

その他

No	名前	URL
JVN iPedia (English)
1	JVNDB-2008-001513	http://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-001513.html

変更履歴

No	変更内容	変更日
0	[2008年07月28日] 掲載 [2011年11月28日] 影響を受けるシステム：日立 (HS08-016) の情報を追加 [2014年05月21日] 参考情報：Common Vulnerabilities and Exposures (CVE) (CVE-2007-6388) を追加参考情報：National Vulnerability Database (NVD) (CVE-2007-6388) を追加	2018年2月17日10:37

NVD脆弱性情報

CVE-2007-6388

概要	Cross-site scripting (XSS) vulnerability in mod_status in the Apache HTTP Server 2.2.0 through 2.2.6, 2.0.35 through 2.0.61, and 1.3.2 through 1.3.39, when the server-status page is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
公表日	2008年1月9日3:46
登録日	2021年1月29日14:24
最終更新日	2024年2月3日1:16

影響を受けるソフトウェアの構成

構成1	以上	以下	より上	未満
cpe:2.3:a:apache:http_server::::::::	2.2.0	2.2.6
cpe:2.3:a:apache:http_server::::::::	2.0.35	2.0.61
cpe:2.3:a:apache:http_server::::::::	1.3.2	1.3.39

関連情報、対策とツール

No	URL	refsource	タグ
1	http://httpd.apache.org/security/vulnerabilities_13.html	CONFIRM	Third Party Advisory VDB Entry
2	http://httpd.apache.org/security/vulnerabilities_20.html	CONFIRM	Third Party Advisory VDB Entry
3	http://httpd.apache.org/security/vulnerabilities_22.html	CONFIRM	Third Party Advisory VDB Entry
4	http://securitytracker.com/id?1019154	SECTRACK	Third Party Advisory VDB Entry
5	http://www.mandriva.com/security/advisories?name=MDVSA-2008:014	MANDRIVA	Third Party Advisory
6	http://www.mandriva.com/security/advisories?name=MDVSA-2008:015	MANDRIVA	Third Party Advisory
7	http://www.redhat.com/support/errata/RHSA-2008-0004.html	REDHAT	Not Applicable
8	http://www.redhat.com/support/errata/RHSA-2008-0005.html	REDHAT	Not Applicable
9	http://www.redhat.com/support/errata/RHSA-2008-0006.html	REDHAT	Not Applicable
10	http://www.redhat.com/support/errata/RHSA-2008-0007.html	REDHAT	Not Applicable
11	http://www.redhat.com/support/errata/RHSA-2008-0008.html	REDHAT	Not Applicable
12	http://www.securityfocus.com/bid/27237	BID	Third Party Advisory VDB Entry
13	http://secunia.com/advisories/28467	SECUNIA	Third Party Advisory VDB Entry
14	http://secunia.com/advisories/28471	SECUNIA	Third Party Advisory VDB Entry
15	http://www.mandriva.com/security/advisories?name=MDVSA-2008:016	MANDRIVA	Patch Third Party Advisory
16	http://secunia.com/advisories/28526	SECUNIA	URL Repurposed
17	http://support.avaya.com/elmodocs2/security/ASA-2008-032.htm	CONFIRM	Third Party Advisory VDB Entry
18	http://secunia.com/advisories/28607	SECUNIA	URL Repurposed
19	http://www.ubuntu.com/usn/usn-575-1	UBUNTU	Third Party Advisory VDB Entry
20	http://secunia.com/advisories/28749	SECUNIA	URL Repurposed
21	http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&id=689039	CONFIRM	Broken Link
22	http://www116.nortel.com/pub/repository/CLARIFY/DOCUMENT/2008/05/023342-01.pdf	CONFIRM	Patch Third Party Advisory
23	http://secunia.com/advisories/28965	SECUNIA	URL Repurposed
24	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00562.html	FEDORA	Patch Third Party Advisory
25	https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00541.html	FEDORA	Patch Third Party Advisory
26	http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.595748	SLACKWARE	Broken Link
27	http://secunia.com/advisories/28977	SECUNIA	URL Repurposed
28	http://secunia.com/advisories/28922	SECUNIA	URL Repurposed
29	http://sunsolve.sun.com/search/document.do?assetkey=1-26-233623-1	SUNALERT	Broken Link
30	http://docs.info.apple.com/article.html?artnum=307562	CONFIRM	Third Party Advisory VDB Entry
31	http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html	APPLE	Mailing List
32	http://secunia.com/advisories/29420	SECUNIA	URL Repurposed
33	http://www-1.ibm.com/support/search.wss?rs=0&q=PK59667&apar=only	AIXAPAR	Broken Link
34	http://www-1.ibm.com/support/docview.wss?uid=swg1PK62966	AIXAPAR	Broken Link
35	http://secunia.com/advisories/29504	SECUNIA	URL Repurposed
36	http://securityreason.com/securityalert/3541	SREASON	URL Repurposed
37	http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html	SUSE	Third Party Advisory
38	http://secunia.com/advisories/29640	SECUNIA	URL Repurposed
39	http://www-1.ibm.com/support/docview.wss?uid=swg1PK63273	AIXAPAR	Broken Link
40	http://secunia.com/advisories/29806	SECUNIA	URL Repurposed
41	http://www.redhat.com/support/errata/RHSA-2008-0009.html	REDHAT	Not Applicable
42	http://secunia.com/advisories/29988	SECUNIA	URL Repurposed
43	http://www-1.ibm.com/support/docview.wss?uid=swg24019245	AIXAPAR	Broken Link
44	http://www.redhat.com/support/errata/RHSA-2008-0261.html	REDHAT	Not Applicable
45	http://secunia.com/advisories/30356	SECUNIA	URL Repurposed
46	http://lists.apple.com/archives/security-announce/2008//May/msg00001.html	APPLE	Mailing List
47	http://www.us-cert.gov/cas/techalerts/TA08-150A.html	CERT	Third Party Advisory US Government Resource
48	http://secunia.com/advisories/30430	SECUNIA	URL Repurposed
49	http://secunia.com/advisories/31142	SECUNIA	URL Repurposed
50	http://secunia.com/advisories/30732	SECUNIA	URL Repurposed
51	http://www.fujitsu.com/global/support/software/security/products-f/interstage-200808e.html	CONFIRM	Third Party Advisory
52	http://secunia.com/advisories/33200	SECUNIA	URL Repurposed
53	http://lists.vmware.com/pipermail/security-announce/2009/000062.html	MLIST	Third Party Advisory
54	http://www.vupen.com/english/advisories/2008/1697	VUPEN	Permissions Required Third Party Advisory
55	http://www.vupen.com/english/advisories/2008/0924/references	VUPEN	Permissions Required Third Party Advisory
56	http://www.vupen.com/english/advisories/2008/0809/references	VUPEN	Permissions Required Third Party Advisory
57	http://www.vupen.com/english/advisories/2008/0554	VUPEN	Permissions Required Third Party Advisory
58	http://www.vupen.com/english/advisories/2008/0986/references	VUPEN	Permissions Required Third Party Advisory
59	http://www.vupen.com/english/advisories/2008/0047	VUPEN	Permissions Required Third Party Advisory
60	http://www.vupen.com/english/advisories/2008/1224/references	VUPEN	Broken Link
61	http://www.vupen.com/english/advisories/2008/0447/references	VUPEN	Permissions Required Third Party Advisory
62	http://www.vupen.com/english/advisories/2008/1623/references	VUPEN	Permissions Required Third Party Advisory
63	http://marc.info/?l=bugtraq&m=130497311408250&w=2	HP	Third Party Advisory VDB Entry
64	http://secunia.com/advisories/32800	SECUNIA	URL Repurposed
65	http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html	CONFIRM	Not Applicable
66	https://exchange.xforce.ibmcloud.com/vulnerabilities/39472	XF	Third Party Advisory VDB Entry
67	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10272	OVAL	Broken Link
68	http://www.securityfocus.com/archive/1/505990/100/0/threaded	BUGTRAQ	Third Party Advisory VDB Entry
69	http://www.securityfocus.com/archive/1/498523/100/0/threaded	HP	Third Party Advisory VDB Entry
70	http://www.securityfocus.com/archive/1/494428/100/0/threaded	BUGTRAQ	Broken Link
71	http://www.securityfocus.com/archive/1/488082/100/0/threaded	HP	Broken Link
72	https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
73	https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
74	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
75	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
76	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
77	https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
78	https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
79	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
80	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
81	https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
82	https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
83	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
84	https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
85	https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
86	https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
87	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
88	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
89	https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
90	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
91	https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
92	https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
93	https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory
94	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E		Third Party Advisory

共通脆弱性一覧

No	CWE	名前	URL
1	CWE-79	クロスサイト・スクリプティング（XSS）	https://cwe.mitre.org/data/definitions/79.html