1. CVE-Search
  2. CVE-2007-0514
ID CVE-2007-0514
Summary Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.
References
Vulnerable Configurations
  • cpe:2.3:a:hitachi:cosminexus_application_server:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:cosminexus_application_server:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*
    cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_application_server_version_5:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:cosminexus_application_server_version_5:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_developer_light_version_6:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:cosminexus_developer_light_version_6:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_developer_version_5:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:cosminexus_developer_version_5:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_server_-_web_edition:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:cosminexus_server_-_web_edition:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:hitachi_web_server:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:hitachi_web_server:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:*:*:enterprise:*:*:*:*:*
    cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:*:*:enterprise:*:*:*:*:*
  • cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:ucosminexus_application_server_standard:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:ucosminexus_application_server_standard:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:ucosminexus_developer_light:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:ucosminexus_developer_light:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*
  • cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*
    cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*
CVSS
Base: 6.8 (as of 08-03-2011 - 02:49)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:P
refmap via4
confirm http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html
osvdb
  • 32997
  • 32998
secunia 23843
vupen ADV-2007-0326
Last major update 08-03-2011 - 02:49
Published 26-01-2007 - 00:28
Last modified 08-03-2011 - 02:49
Back to Top