Lucene search

[email protected]CVE-2007-5809

HistoryNov 05, 2007 - 5:46 p.m.

CVE-2007-5809

2007-11-0517:46:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2007-5809

cross-site scripting

xss vulnerability

hitachi web server

remote attackers

web script injection

html injection

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.3%

JSON

Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.

Affected configurations

NVD

Node

hitachicosminexus_application_server_enterpriseRange≤06_51_j

hitachicosminexus_application_server_standardRange≤06_51_j

hitachicosminexus_developer_light_version_6Range≤06_51_j

hitachicosminexus_developer_professional_version_6Range≤06_51_j

hitachicosminexus_developer_standard_version_6Range≤06_51_j

hitachicosminexus_serverRange≤04_01

hitachiucosminexus_application_server_enterpriseRange≤07_50_01

hitachiucosminexus_application_server_standardRange≤07_50_01

hitachiucosminexus_developer_lightRange≤06_71_d

hitachiucosminexus_developer_professionalRange≤07_50_01

hitachiucosminexus_developer_standardRange≤07_50_01

hitachiucosminexus_service_architectRange≤07_50_01

hitachiucosminexus_service_platformRange≤07_50_01

hitachiweb_serverMatch01_00hpux

hitachiweb_serverMatch01_00solaris

hitachiweb_serverMatch01_01aix

hitachiweb_serverMatch01_01linux

hitachiweb_serverMatch01_01turbolinux

hitachiweb_serverMatch01_01_dlinux

hitachiweb_serverMatch01_02_dhpux

hitachiweb_serverMatch01_02_dsolaris

hitachiweb_serverMatch01_02_eaix

hitachiweb_serverMatch02_00aix

hitachiweb_serverMatch02_00hpux

hitachiweb_serverMatch02_00linux

hitachiweb_serverMatch02_00solaris

hitachiweb_serverMatch02_00turbolinux

hitachiweb_serverMatch02_00windows

hitachiweb_serverMatch02_00_alinux

hitachiweb_serverMatch02_02hpux

hitachiweb_serverMatch02_02hpux\(ipf\)

hitachiweb_serverMatch02_02linux

hitachiweb_serverMatch02_04_baix

hitachiweb_serverMatch02_04_bhpux

hitachiweb_serverMatch02_04_bhpux\(ipf\)

hitachiweb_serverMatch02_04_bsolaris

hitachiweb_serverMatch02_04_bwindows

hitachiweb_serverMatch02_06_alinux

hitachiweb_serverMatch03_00aix

hitachiweb_serverMatch03_00hpux\(ipf\)

hitachiweb_serverMatch03_00linux

hitachiweb_serverMatch03_00windows

hitachiweb_serverMatch03_00_01solaris

hitachiweb_serverMatch03_00_01windows

CPENameOperatorVersion
hitachi:cosminexus_application_server_enterprisehitachi cosminexus application server enterprisele06_51_j
hitachi:cosminexus_application_server_standardhitachi cosminexus application server standardle06_51_j
hitachi:cosminexus_developer_light_version_6hitachi cosminexus developer light version 6le06_51_j
hitachi:cosminexus_developer_professional_version_6hitachi cosminexus developer professional version 6le06_51_j
hitachi:cosminexus_developer_standard_version_6hitachi cosminexus developer standard version 6le06_51_j
hitachi:cosminexus_serverhitachi cosminexus serverle04_01
hitachi:ucosminexus_application_server_enterprisehitachi ucosminexus application server enterprisele07_50_01
hitachi:ucosminexus_application_server_standardhitachi ucosminexus application server standardle07_50_01
hitachi:ucosminexus_developer_lighthitachi ucosminexus developer lightle06_71_d
hitachi:ucosminexus_developer_professionalhitachi ucosminexus developer professionalle07_50_01

CPE	Name	Operator	Version
hitachi:cosminexus_application_server_enterprise	hitachi cosminexus application server enterprise	le	06_51_j
hitachi:cosminexus_application_server_standard	hitachi cosminexus application server standard	le	06_51_j
hitachi:cosminexus_developer_light_version_6	hitachi cosminexus developer light version 6	le	06_51_j
hitachi:cosminexus_developer_professional_version_6	hitachi cosminexus developer professional version 6	le	06_51_j
hitachi:cosminexus_developer_standard_version_6	hitachi cosminexus developer standard version 6	le	06_51_j
hitachi:cosminexus_server	hitachi cosminexus server	le	04_01
hitachi:ucosminexus_application_server_enterprise	hitachi ucosminexus application server enterprise	le	07_50_01
hitachi:ucosminexus_application_server_standard	hitachi ucosminexus application server standard	le	07_50_01
hitachi:ucosminexus_developer_light	hitachi ucosminexus developer light	le	06_71_d
hitachi:ucosminexus_developer_professional	hitachi ucosminexus developer professional	le	07_50_01

Rows per page:

1-10 of 251

References

osvdb.org/42027

secunia.com/advisories/27421

www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html

www.securityfocus.com/bid/26271

www.vupen.com/english/advisories/2007/3666

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

62.3%

JSON

Related for CVE-2007-5809

prion1 cvelist1 nvd1