CVE-2007-5809

Description

Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.

Affected products

• Hitachi / cosminexus_application_server_enterprise06_51_j
• Hitachi / cosminexus_application_server_standard06_51_j
• Hitachi / cosminexus_developer_light_version_606_51_j
• Hitachi / cosminexus_developer_professional_version_606_51_j
• Hitachi / cosminexus_developer_standard_version_606_51_j
• Hitachi / cosminexus_server04_01
• Hitachi / ucosminexus_application_server_enterprise07_50_01
• Hitachi / ucosminexus_application_server_standard07_50_01
• Hitachi / ucosminexus_developer_light06_71_d
• Hitachi / ucosminexus_developer_professional07_50_01
• Hitachi / ucosminexus_developer_standard07_50_01
• Hitachi / ucosminexus_service_architect07_50_01
• Hitachi / ucosminexus_service_platform07_50_01
• Hitachi / web_server01_00 – 01_00
• Hitachi / web_server01_00 – 01_00
• Hitachi / web_server01_01 – 01_01
• Hitachi / web_server01_01 – 01_01
• Hitachi / web_server01_01 – 01_01
• Hitachi / web_server01_01_d – 01_01_d
• Hitachi / web_server01_02_d – 01_02_d
• Hitachi / web_server01_02_d – 01_02_d
• Hitachi / web_server01_02_e – 01_02_e
• Hitachi / web_server02_00 – 02_00
• Hitachi / web_server02_00 – 02_00
• Hitachi / web_server02_00 – 02_00
• Hitachi / web_server02_00 – 02_00
• Hitachi / web_server02_00 – 02_00
• Hitachi / web_server02_00 – 02_00
• Hitachi / web_server02_00_a – 02_00_a
• Hitachi / web_server02_02 – 02_02
• Hitachi / web_server02_02 – 02_02
• Hitachi / web_server02_02 – 02_02
• Hitachi / web_server02_04_b – 02_04_b
• Hitachi / web_server02_04_b – 02_04_b
• Hitachi / web_server02_04_b – 02_04_b
• Hitachi / web_server02_04_b – 02_04_b
• Hitachi / web_server02_04_b – 02_04_b
• Hitachi / web_server02_06_a – 02_06_a
• Hitachi / web_server03_00 – 03_00
• Hitachi / web_server03_00 – 03_00
• Hitachi / web_server03_00 – 03_00
• Hitachi / web_server03_00 – 03_00
• Hitachi / web_server03_00_01 – 03_00_01
• Hitachi / web_server03_00_01 – 03_00_01

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/27421
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2007/3666
• MISChttp://www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html
• MISChttp://www.securityfocus.com/bid/26271
• MISChttp://osvdb.org/42027