All the vulnerabilites related to Hitachi, Ltd - uCosminexus Service
jvndb-2009-002475
Vulnerability from jvndb
Published
2010-02-09 14:03
Modified
2010-02-09 14:03
Summary
Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java
Details
Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java have a buffer overflow vulnerability when processing image files in Java applications.
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002475.html", "dc:date": "2010-02-09T14:03+09:00", "dcterms:issued": "2010-02-09T14:03+09:00", "dcterms:modified": "2010-02-09T14:03+09:00", "description": "Cosminexus, Processing Kit for XML and Hitachi Developer\u0027s Kit for Java have a buffer overflow vulnerability when processing image files in Java applications.", "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-002475.html", "sec:cpe": [ { "#text": "cpe:/a:hitachi:cosminexus_application_server", "@product": "Cosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_client", "@product": "Cosminexus Client ", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer", "@product": "Cosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_opentp1", "@product": "Cosminexus/OpenTP1", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server", "@product": "Cosminexus Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_studio", "@product": "Cosminexus Studio", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:electronic_form_workflow", "@product": "Electronic Form Workflow", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:groupmax_collaboration", "@product": "Groupmax Collaboration", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_developers_kit_for_java", "@product": "Hitachi Developer\u0027s Kit for Java", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:processing_kit_for_xml", "@product": "Processing Kit for XML", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_client", "@product": "uCosminexus Client", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_collaboration", "@product": "uCosminexus Collaboration", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_navigation", "@product": "uCosminexus Navigation", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_opentp1", "@product": "uCosminexus/OpenTP1 ", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_operator", "@product": "uCosminexus Operator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" } ], "sec:cvss": { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2009-002475", "sec:references": { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-119", "@title": "Buffer Errors(CWE-119)" }, "title": "Buffer Overflow Vulnerability in Cosminexus, Processing Kit for XML and Hitachi Developer\u0027s Kit for Java" }
jvndb-2007-000710
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus Denial of Service Vulnerability
Details
JSSE (Java Secure Socket Extension) in Cosminexua Developer's Kit for Java may fall into a denial of service condition when it handles an improper SSL/TLS handshake request. An attacker could exploit this vulnerability and cause a denial of service on the systems that establish an SSL/TLS connection using JSSE API.
References
▼ | Type | URL |
---|---|---|
CVE | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5281 | |
NVD | http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5281 | |
SECUNIA | http://secunia.com/advisories/27075 | |
BID | http://www.securityfocus.com/bid/25935 | |
XF | http://xforce.iss.net/xforce/xfdb/36965 | |
FRSIRT | http://www.frsirt.com/english/advisories/2007/3375 | |
No Mapping(CWE-DesignError) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html | |
Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000710.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "JSSE (Java Secure Socket Extension) in Cosminexua Developer\u0027s Kit for Java may fall into a denial of service condition when it handles an improper SSL/TLS handshake request. An attacker could exploit this vulnerability and cause a denial of service on the systems that establish an SSL/TLS connection using JSSE API.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000710.html", "sec:cpe": [ { "#text": "cpe:/a:hitachi:cosminexus_developers_kit_for_java", "@product": "Cosminexus Developer\u0027s Kit for Java(TM)", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_client", "@product": "uCosminexus Client", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_operator", "@product": "uCosminexus Operator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" } ], "sec:cvss": { "@score": "5.0", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000710", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5281", "@id": "CVE-2007-5281", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5281", "@id": "CVE-2007-5281", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/27075", "@id": "SA27075", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/25935", "@id": "25935", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/36965", "@id": "36965", "@source": "XF" }, { "#text": "http://www.frsirt.com/english/advisories/2007/3375", "@id": "FrSIRT/ADV-2007-3375", "@source": "FRSIRT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-DesignError", "@title": "No Mapping(CWE-DesignError)" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-20", "@title": "Improper Input Validation(CWE-20)" } ], "title": "Cosminexus Denial of Service Vulnerability" }
jvndb-2007-001133
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus Component Container Session Handling Vulnerability
Details
The session failover function in Cosminexus Component Container may fail to handle session information properly and allow one user's session data to be used as aonther user's session data.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001133.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "The session failover function in Cosminexus Component Container may fail to handle session information properly and allow one user\u0027s session data to be used as aonther user\u0027s session data.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001133.html", "sec:cpe": [ { "#text": "cpe:/a:hitachi:cosminexus_application_server", "@product": "Cosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_collaboration", "@product": "Cosminexus Collaboration", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_component_container", "@product": "Cosminexus Component Container", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer", "@product": "Cosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_erp_integrator", "@product": "Cosminexus ERP Integrator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_opentp1", "@product": "Cosminexus/OpenTP1", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:electronic_form_workflow", "@product": "Electronic Form Workflow", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:groupmax_collaboration", "@product": "Groupmax Collaboration", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_collaboration", "@product": "uCosminexus Collaboration", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_erp_integrator", "@product": "uCosminexus ERP Integrator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_opentp1", "@product": "uCosminexus/OpenTP1 ", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" } ], "sec:cvss": { "@score": "4.9", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:S/C:P/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-001133", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4124", "@id": "CVE-2007-4124", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4124", "@id": "CVE-2007-4124", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/26250", "@id": "SA26250", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/25145", "@id": "25145", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/35706", "@id": "35706", "@source": "XF" }, { "#text": "http://www.frsirt.com/english/advisories/2007/2725", "@id": "FrSIRT/ADV-2007-2725", "@source": "FRSIRT" } ], "title": "Cosminexus Component Container Session Handling Vulnerability" }
jvndb-2007-000700
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus javadoc Cross-Site Scripting Vulnerability
Details
The javadoc command of Cosminexus may generate an HTML file that contains cross-site scripting vulnerabilities.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000700.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "The javadoc command of Cosminexus may generate an HTML file that contains cross-site scripting vulnerabilities.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000700.html", "sec:cpe": [ { "#text": "cpe:/a:hitachi:cosminexus_developers_kit_for_java", "@product": "Cosminexus Developer\u0027s Kit for Java(TM)", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:electronic_form_workflow", "@product": "Electronic Form Workflow", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_client", "@product": "uCosminexus Client", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_erp_integrator", "@product": "uCosminexus ERP Integrator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_operator", "@product": "uCosminexus Operator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000700", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4760", "@id": "CVE-2007-4760", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4760", "@id": "CVE-2007-4760", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/26671", "@id": "SA26671", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/25518", "@id": "25518", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/36393", "@id": "36393", "@source": "XF" }, { "#text": "http://www.frsirt.com/english/advisories/2007/3033", "@id": "FrSIRT/ADV-2007-3033", "@source": "FRSIRT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Cosminexus javadoc Cross-Site Scripting Vulnerability" }
jvndb-2007-000702
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus Developer's Kit for Java Buffer Overflow and Denial of Service Vulnerabilities
Details
The image-processing APIs in Cosminexus Developer's Kit for Java is vulnerable to buffer overflow and a Denial od Service (DoS).
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000702.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "The image-processing APIs in Cosminexus Developer\u0027s Kit for Java is vulnerable to buffer overflow and a Denial od Service (DoS).", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000702.html", "sec:cpe": [ { "#text": "cpe:/a:hitachi:cosminexus_application_server", "@product": "Cosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_client", "@product": "Cosminexus Client ", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_collaboration", "@product": "Cosminexus Collaboration", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer", "@product": "Cosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developers_kit_for_java", "@product": "Cosminexus Developer\u0027s Kit for Java(TM)", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_erp_integrator", "@product": "Cosminexus ERP Integrator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_opentp1", "@product": "Cosminexus/OpenTP1", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server", "@product": "Cosminexus Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_studio", "@product": "Cosminexus Studio", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:electronic_form_workflow", "@product": "Electronic Form Workflow", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:groupmax_collaboration", "@product": "Groupmax Collaboration", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_developers_kit_for_java", "@product": "Hitachi Developer\u0027s Kit for Java", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:processing_kit_for_xml", "@product": "Processing Kit for XML", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_client", "@product": "uCosminexus Client", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_collaboration", "@product": "uCosminexus Collaboration", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_erp_integrator", "@product": "uCosminexus ERP Integrator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_opentp1", "@product": "uCosminexus/OpenTP1 ", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_operator", "@product": "uCosminexus Operator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" } ], "sec:cvss": { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000702", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4758", "@id": "CVE-2007-4758", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4758", "@id": "CVE-2007-4758", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/26538", "@id": "SA26538", "@source": "SECUNIA" }, { "#text": "http://xforce.iss.net/xforce/xfdb/36618", "@id": "36618", "@source": "XF" }, { "#text": "http://www.frsirt.com/english/advisories/2007/3034", "@id": "FrSIRT/ADV-2007-3034", "@source": "FRSIRT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-119", "@title": "Buffer Errors(CWE-119)" } ], "title": "Cosminexus Developer\u0027s Kit for Java Buffer Overflow and Denial of Service Vulnerabilities" }
jvndb-2007-000297
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-07-11 13:47
Summary
Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability
Details
Apache Tomcat from the Apache Software Foundation contains a cross-site scripting vulnerability in the Accept-Language header handling.
Apache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.
Apache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard.
The vendor has confirmed that this vulnerability occurs when an outdated version of Flash is used.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000297.html", "dc:date": "2008-07-11T13:47+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-07-11T13:47+09:00", "description": "Apache Tomcat from the Apache Software Foundation contains a cross-site scripting vulnerability in the Accept-Language header handling.\r\n\r\nApache Tomcat from the Apache Software Foundation is an implementation of the Java Servlet and JavaServer Page (JSP) technologies.\r\n\r\nApache Tomcat contains a cross-site scripting vulnerability. It occurs when the value of the Accept-Language header sent from a client is non-standard.\r\n\r\nThe vendor has confirmed that this vulnerability occurs when an outdated version of Flash is used.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000297.html", "sec:cpe": [ { "#text": "cpe:/a:apache:tomcat", "@product": "Apache Tomcat", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_web_server", "@product": "Interstage Web Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_application_server", "@product": "Cosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer", "@product": "Cosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:nec:webotx_application_server", "@product": "WebOTX Application Server", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:sun:solaris", "@product": "Sun Solaris", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000297", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN16535199/index.html", "@id": "JVN#16535199", "@source": "JVN" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1358", "@id": "CVE-2007-1358", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-1358", "@id": "CVE-2007-1358", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/25721", "@id": "SA25721", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/24524", "@id": "24524", "@source": "BID" }, { "#text": "http://www.securitytracker.com/id?1018269", "@id": "1018269", "@source": "SECTRACK" }, { "#text": "http://www.frsirt.com/english/advisories/2007/1729", "@id": "FrSIRT/ADV-2007-1729", "@source": "FRSIRT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Apache Tomcat Accept-Language Header Cross-Site Scripting Vulnerability" }
jvndb-2007-001022
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2009-11-16 11:52
Summary
Apache UTF-7 Encoding Cross-Site Scripting Vulnerability
Details
The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html", "dc:date": "2009-11-16T11:52+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2009-11-16T11:52+09:00", "description": "The mod_autoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001022.html", "sec:cpe": [ { "#text": "cpe:/a:apache:http_server", "@product": "Apache HTTP Server", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_studio", "@product": "Interstage Studio", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_web_server", "@product": "Interstage Web Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "@product": "Systemwalker Resource Coordinator", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_web_server", "@product": "Hitachi Web Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_appliance_server", "@product": "Turbolinux Appliance Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-001022", "sec:references": [ { "#text": "http://jvn.jp/en/tr/TRTA08-150A/index.html", "@id": "TRTA08-150A", "@source": "JVNTR" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4465", "@id": "CVE-2007-4465", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4465", "@id": "CVE-2007-4465", "@source": "NVD" }, { "#text": "http://www.us-cert.gov/cas/alerts/SA08-150A.html", "@id": "SA08-150A", "@source": "CERT-SA" }, { "#text": "http://www.us-cert.gov/cas/techalerts/TA08-150A.html", "@id": "TA08-150A", "@source": "CERT-TA" }, { "#text": "http://www.securityfocus.com/bid/25653", "@id": "25653", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/36586", "@id": "36586", "@source": "XF" }, { "#text": "http://www.securitytracker.com/id?1019194", "@id": "1019194", "@source": "SECTRACK" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Apache UTF-7 Encoding Cross-Site Scripting Vulnerability" }
jvndb-2007-001091
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus Application Server Incorrect Group Permission Handling Vulnerability
Details
When a logical J2EE server or logical user server is started from Cosminexus Manager in Cosminexus Application Server, Cosminexus Manager may assign the wrong user's group permissions to an activated server process.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001091.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "When a logical J2EE server or logical user server is started from Cosminexus Manager in Cosminexus Application Server, Cosminexus Manager may assign the wrong user\u0027s group permissions to an activated server process.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-001091.html", "sec:cpe": [ { "#text": "cpe:/a:hitachi:cosminexus_application_server", "@product": "Cosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:electronic_form_workflow", "@product": "Electronic Form Workflow", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" } ], "sec:cvss": { "@score": "4.6", "@severity": "Medium", "@type": "Base", "@vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-001091", "sec:references": [ { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4564", "@id": "CVE-2007-4564", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-4564", "@id": "CVE-2007-4564", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/26589", "@id": "SA26589", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/25434", "@id": "25434", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/36245", "@id": "36245", "@source": "XF" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" } ], "title": "Cosminexus Application Server Incorrect Group Permission Handling Vulnerability" }
jvndb-2009-001544
Vulnerability from jvndb
Published
2009-07-07 11:12
Modified
2009-07-07 11:12
Summary
Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java Possible Unauthorized Access through Vulnerability in Encoding Process
Details
Cosminexus Processing Kit for XML and Hitachi Developer's Kit for Java have a vulnerability where UTF-8 output is not properly judged due to deficiency in encoding processing, which may lead to unauthorized access.
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001544.html", "dc:date": "2009-07-07T11:12+09:00", "dcterms:issued": "2009-07-07T11:12+09:00", "dcterms:modified": "2009-07-07T11:12+09:00", "description": "Cosminexus Processing Kit for XML and Hitachi Developer\u0027s Kit for Java have a vulnerability where UTF-8 output is not properly judged due to deficiency in encoding processing, which may lead to unauthorized access.", "link": "https://jvndb.jvn.jp/en/contents/2009/JVNDB-2009-001544.html", "sec:cpe": [ { "#text": "cpe:/a:hitachi:cosminexus_application_server", "@product": "Cosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_client", "@product": "Cosminexus Client ", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer", "@product": "Cosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_opentp1", "@product": "Cosminexus/OpenTP1", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server", "@product": "Cosminexus Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_studio", "@product": "Cosminexus Studio", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:electronic_form_workflow", "@product": "Electronic Form Workflow", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:groupmax_collaboration", "@product": "Groupmax Collaboration", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_developers_kit_for_java", "@product": "Hitachi Developer\u0027s Kit for Java", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:processing_kit_for_xml", "@product": "Processing Kit for XML", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_client", "@product": "uCosminexus Client", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_collaboration", "@product": "uCosminexus Collaboration", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_opentp1", "@product": "uCosminexus/OpenTP1 ", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_operator", "@product": "uCosminexus Operator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" } ], "sec:cvss": { "@score": "10.0", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "@version": "2.0" }, "sec:identifier": "JVNDB-2009-001544", "sec:references": { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-noinfo", "@title": "No Mapping(CWE-noinfo)" }, "title": "Cosminexus Processing Kit for XML and Hitachi Developer\u0027s Kit for Java Possible Unauthorized Access through Vulnerability in Encoding Process" }
jvndb-2010-001874
Vulnerability from jvndb
Published
2010-09-01 14:11
Modified
2010-09-01 14:11
Summary
Denial of Service (DoS) Vulnerability in Cosminexus
Details
Cosminexus series products contain a vulnerability that could cause a denial of service (DoS) condition when receiving unexpected data.
After it abends, the service can be restarted by rebooting the system.
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001874.html", "dc:date": "2010-09-01T14:11+09:00", "dcterms:issued": "2010-09-01T14:11+09:00", "dcterms:modified": "2010-09-01T14:11+09:00", "description": "Cosminexus series products contain a vulnerability that could cause a denial of service (DoS) condition when receiving unexpected data.\r\nAfter it abends, the service can be restarted by rebooting the system.", "link": "https://jvndb.jvn.jp/en/contents/2010/JVNDB-2010-001874.html", "sec:cpe": [ { "#text": "cpe:/a:hitachi:cosminexus_developer", "@product": "Cosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:documentbroker", "@product": "DocumentBroker", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:electronic_form_workflow", "@product": "Electronic Form Workflow", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_navigation", "@product": "uCosminexus Navigation", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_reporting_base", "@product": "uCosminexus Reporting Base", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_si_navigation_system", "@product": "uCosminexus SI Navigation System", "@vendor": "Hitachi, Ltd", "@version": "2.2" } ], "sec:cvss": { "@score": "7.8", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "@version": "2.0" }, "sec:identifier": "JVNDB-2010-001874", "sec:references": { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-noinfo", "@title": "No Mapping(CWE-noinfo)" }, "title": "Denial of Service (DoS) Vulnerability in Cosminexus" }
jvndb-2007-000701
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-05-21 00:00
Summary
Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java Buffer Overflow Vulnerabilities
Details
Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java may suffer from buffer overflow when a Java application handles GIF images with the image-processing APIs.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000701.html", "dc:date": "2008-05-21T00:00+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-05-21T00:00+09:00", "description": "Cosminexus, Processing Kit for XML and Hitachi Developer\u0027s Kit for Java may suffer from buffer overflow when a Java application handles GIF images with the image-processing APIs.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000701.html", "sec:cpe": [ { "#text": "cpe:/a:hitachi:cosminexus_application_server", "@product": "Cosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_client", "@product": "Cosminexus Client ", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_collaboration", "@product": "Cosminexus Collaboration", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer", "@product": "Cosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developers_kit_for_java", "@product": "Cosminexus Developer\u0027s Kit for Java(TM)", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_erp_integrator", "@product": "Cosminexus ERP Integrator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_opentp1", "@product": "Cosminexus/OpenTP1", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server", "@product": "Cosminexus Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_studio", "@product": "Cosminexus Studio", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:electronic_form_workflow", "@product": "Electronic Form Workflow", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:groupmax_collaboration", "@product": "Groupmax Collaboration", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_developers_kit_for_java", "@product": "Hitachi Developer\u0027s Kit for Java", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:processing_kit_for_xml", "@product": "Processing Kit for XML", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_client", "@product": "uCosminexus Client", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_collaboration", "@product": "uCosminexus Collaboration", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_erp_integrator", "@product": "uCosminexus ERP Integrator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_opentp1", "@product": "uCosminexus/OpenTP1 ", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_operator", "@product": "uCosminexus Operator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" } ], "sec:cvss": { "@score": "7.5", "@severity": "High", "@type": "Base", "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000701", "sec:references": [ { "#text": "http://jvn.jp/cert/JVNTA07-022A/index.html", "@id": "JVNTA07-022A", "@source": "JVN" }, { "#text": "http://jvn.jp/tr/TRTA07-022A/index.html", "@id": "TRTA07-022A", "@source": "JVNTR" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3794", "@id": "CVE-2007-3794", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3794", "@id": "CVE-2007-3794", "@source": "NVD" }, { "#text": "http://www.us-cert.gov/cas/alerts/SA07-022A.html", "@id": "SA07-022A", "@source": "CERT-SA" }, { "#text": "http://www.us-cert.gov/cas/techalerts/TA07-022A.html", "@id": "TA07-022A", "@source": "CERT-TA" }, { "#text": "http://secunia.com/advisories/26025", "@id": "SA26025", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/24905", "@id": "24905", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/36022", "@id": "36022", "@source": "XF" }, { "#text": "http://www.frsirt.com/english/advisories/2007/2534", "@id": "FrSIRT/ADV-2007-2534", "@source": "FRSIRT" } ], "title": "Cosminexus, Processing Kit for XML and Hitachi Developer\u0027s Kit for Java Buffer Overflow Vulnerabilities" }
jvndb-2019-010374
Vulnerability from jvndb
Published
2019-10-18 14:18
Modified
2019-10-18 14:18
Summary
Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
Details
A vulnerability (CVE-2019-10092) exists in Cosminexus HTTP Server and Hitachi Web Server.
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-010374.html", "dc:date": "2019-10-18T14:18+09:00", "dcterms:issued": "2019-10-18T14:18+09:00", "dcterms:modified": "2019-10-18T14:18+09:00", "description": "A vulnerability (CVE-2019-10092) exists in Cosminexus HTTP Server and Hitachi Web Server.", "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-010374.html", "sec:cpe": [ { "#text": "cpe:/a:hitachi:cosminexus_http_server", "@product": "Cosminexus HTTP Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_application_server", "@product": "Hitachi Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_application_server_for_developers", "@product": "Hitachi Application Server for Developers", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_web_server", "@product": "Hitachi Web Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_primary_server", "@product": "uCosminexus Primary Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" } ], "sec:identifier": "JVNDB-2019-010374", "sec:references": { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-noinfo", "@title": "No Mapping(CWE-noinfo)" }, "title": "Vulnerability in Cosminexus HTTP Server and Hitachi Web Server" }
jvndb-2019-004441
Vulnerability from jvndb
Published
2019-06-03 13:55
Modified
2019-06-03 13:55
Summary
Vulnerability in Cosminexus HTTP Server and Hitachi Web Server
Details
A vulnerability (CVE-2019-0220) exists in Cosminexus HTTP Server and Hitachi Web Server.
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-004441.html", "dc:date": "2019-06-03T13:55+09:00", "dcterms:issued": "2019-06-03T13:55+09:00", "dcterms:modified": "2019-06-03T13:55+09:00", "description": "A vulnerability (CVE-2019-0220) exists in Cosminexus HTTP Server and Hitachi Web Server.", "link": "https://jvndb.jvn.jp/en/contents/2019/JVNDB-2019-004441.html", "sec:cpe": [ { "#text": "cpe:/a:hitachi:cosminexus_http_server", "@product": "Cosminexus HTTP Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_application_server", "@product": "Hitachi Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_application_server_for_developers", "@product": "Hitachi Application Server for Developers", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_web_server", "@product": "Hitachi Web Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_primary_server", "@product": "uCosminexus Primary Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" } ], "sec:identifier": "JVNDB-2019-004441", "sec:references": { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-noinfo", "@title": "No Mapping(CWE-noinfo)" }, "title": "Vulnerability in Cosminexus HTTP Server and Hitachi Web Server" }
jvndb-2008-000016
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2008-10-09 13:35
Summary
Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations
Details
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations.
The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000016.html", "dc:date": "2008-10-09T13:35+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2008-10-09T13:35+09:00", "description": "The Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow privilege escalation in the processing of XSLT transformations.\r\n\r\nThe Sun Microsystems Java Runtime Environment (JRE) contains a vulnerability that could allow a remote attacker to elevate its privileges via an untrusted applet or application that is downloaded from a website to perform XSLT transformations on XML documents.", "link": "https://jvndb.jvn.jp/en/contents/2008/JVNDB-2008-000016.html", "sec:cpe": [ { "#text": "cpe:/a:hitachi:electronic_form_workflow", "@product": "Electronic Form Workflow", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_client", "@product": "uCosminexus Client", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_operator", "@product": "uCosminexus Operator", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux Extras", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:redhat:rhel_desktop_supplementary", "@product": "RHEL Desktop Supplementary", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:redhat:rhel_supplementary", "@product": "RHEL Supplementary", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:jdk", "@product": "JDK", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:jre", "@product": "JRE", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/a:sun:sdk", "@product": "SDK", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x", "@product": "Apple Mac OS X", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" } ], "sec:cvss": { "@score": "6.8", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "@version": "2.0" }, "sec:identifier": "JVNDB-2008-000016", "sec:references": [ { "#text": "http://jvn.jp/cert/JVNTA08-066A/index.html", "@id": "JVNTA08-066A", "@source": "JVN" }, { "#text": "http://jvn.jp/en/jp/JVN04032535/index.html", "@id": "JVN#04032535", "@source": "JVN" }, { "#text": "http://jvn.jp/tr/TRTA08-066A/index.html", "@id": "TRTA08-066A", "@source": "JVNTR" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1187", "@id": "CVE-2008-1187", "@source": "CVE" }, { "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-1187", "@id": "CVE-2008-1187", "@source": "NVD" }, { "#text": "http://www.ipa.go.jp/security/english/vuln/200803_JRE_press_en.html", "@id": "Security Alert for Vulnerability In Sun JRE (Java Runtime Environment) XSLT Transformations", "@source": "IPA SECURITY ALERTS" }, { "#text": "https://www.us-cert.gov/cas/alerts/SA08-066A.html", "@id": "SA08-066A", "@source": "CERT-SA" }, { "#text": "http://www.us-cert.gov/cas/techalerts/TA08-066A.html", "@id": "TA08-066A", "@source": "CERT-TA" }, { "#text": "http://secunia.com/advisories/29273", "@id": "SA29273", "@source": "SECUNIA" }, { "#text": "http://www.securityfocus.com/bid/28083", "@id": "28083", "@source": "BID" }, { "#text": "http://xforce.iss.net/xforce/xfdb/41025", "@id": "41025", "@source": "XF" }, { "#text": "http://www.securitytracker.com/id?1019548", "@id": "1019548", "@source": "SECTRACK" }, { "#text": "http://www.frsirt.com/english/advisories/2008/0770", "@id": "FrSIRT/ADV-2008-0770", "@source": "FRSIRT" }, { "#text": "http://jvndb.jvn.jp/ja/contents/2008/JVNDB-2008-000016.html", "@id": "JVNDB-2008-000016", "@source": "JVNDB_Ja" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-264", "@title": "Permissions(CWE-264)" } ], "title": "Sun Java Runtime Environment (JRE) contains a vulnerability in processing XSLT transformations" }
jvndb-2007-000819
Vulnerability from jvndb
Published
2008-05-21 00:00
Modified
2013-07-18 18:58
Summary
Cross-site scripting vulnerability in Apache HTTP Server "mod_imap" and "mod_imagemap"
Details
mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting.
The Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability.
The Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.
References
Impacted products
{ "@rdf:about": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html", "dc:date": "2013-07-18T18:58+09:00", "dcterms:issued": "2008-05-21T00:00+09:00", "dcterms:modified": "2013-07-18T18:58+09:00", "description": "mod_imap and mod_imagemap modules of the Apache HTTP Server are vulnerable to cross-site scripting.\r\n\r\nThe Apache HTTP Server is open source web server software. The Apache HTTP Server modules mod_imap and mod_imagemap provide server-side imagemap processing capability.\r\nThe Apache HTTP Server modules mod_imap and mod_imagemap are vulnerable to cross-site scripting.", "link": "https://jvndb.jvn.jp/en/contents/2007/JVNDB-2007-000819.html", "sec:cpe": [ { "#text": "cpe:/a:apache:http_server", "@product": "Apache HTTP Server", "@vendor": "Apache Software Foundation", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_framework_suite", "@product": "Interstage Application Framework Suite", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_application_server", "@product": "Interstage Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_apworks", "@product": "Interstage Apworks", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_business_application_server", "@product": "Interstage Business Application Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_job_workload_server", "@product": "Interstage Job Workload Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_studio", "@product": "Interstage Studio", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:interstage_web_server", "@product": "Interstage Web Server", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:fujitsu:systemwalker_resource_coordinator", "@product": "Systemwalker Resource Coordinator", "@vendor": "FUJITSU", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_application_server", "@product": "Cosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_developer", "@product": "Cosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:cosminexus_server", "@product": "Cosminexus Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:hitachi_web_server", "@product": "Hitachi Web Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_application_server", "@product": "uCosminexus Application Server", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_developer", "@product": "uCosminexus Developer", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:hitachi:ucosminexus_service", "@product": "uCosminexus Service", "@vendor": "Hitachi, Ltd", "@version": "2.2" }, { "#text": "cpe:/a:ibm:http_server", "@product": "IBM HTTP Server", "@vendor": "IBM Corporation", "@version": "2.2" }, { "#text": "cpe:/a:oracle:http_server", "@product": "Oracle HTTP Server", "@vendor": "Oracle Corporation", "@version": "2.2" }, { "#text": "cpe:/a:redhat:rhel_application_stack", "@product": "Red Hat Application Stack", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/h:nec:wanbooster", "@product": "WanBooster", "@vendor": "NEC Corporation", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x", "@product": "Apple Mac OS X", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:apple:mac_os_x_server", "@product": "Apple Mac OS X Server", "@vendor": "Apple Inc.", "@version": "2.2" }, { "#text": "cpe:/o:hp:hp-ux", "@product": "HP-UX", "@vendor": "Hewlett-Packard Development Company,L.P", "@version": "2.2" }, { "#text": "cpe:/o:misc:miraclelinux_asianux_server", "@product": "Asianux Server", "@vendor": "Cybertrust Japan Co., Ltd.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux", "@product": "Red Hat Enterprise Linux", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:enterprise_linux_desktop", "@product": "Red Hat Enterprise Linux Desktop", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:linux_advanced_workstation", "@product": "Red Hat Linux Advanced Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:redhat:rhel_desktop_workstation", "@product": "RHEL Desktop Workstation", "@vendor": "Red Hat, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:sun:solaris", "@product": "Sun Solaris", "@vendor": "Sun Microsystems, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_appliance_server", "@product": "Turbolinux Appliance Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_fuji", "@product": "Turbolinux FUJI", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_multimedia", "@product": "Turbolinux Multimedia", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_personal", "@product": "Turbolinux Personal", "@vendor": "Turbolinux, Inc.", "@version": "2.2" }, { "#text": "cpe:/o:turbolinux:turbolinux_server", "@product": "Turbolinux Server", "@vendor": "Turbolinux, Inc.", "@version": "2.2" } ], "sec:cvss": { "@score": "4.3", "@severity": "Medium", "@type": "Base", "@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "@version": "2.0" }, "sec:identifier": "JVNDB-2007-000819", "sec:references": [ { "#text": "http://jvn.jp/en/jp/JVN80057925/index.html", "@id": "JVN#80057925", "@source": "JVN" }, { "#text": "https://jvn.jp/en/tr/TRTA08-079A/index.html", "@id": "TRTA08-079A", "@source": "JVNTR" }, { "#text": "https://jvn.jp/en/tr/TRTA08-150A/index.html", "@id": "TRTA08-150A", "@source": "JVNTR" }, { "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000", "@id": "CVE-2007-5000", "@source": "CVE" }, { "#text": "http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5000", "@id": "CVE-2007-5000", "@source": "NVD" }, { "#text": "http://secunia.com/advisories/28046", "@id": "SA28046", "@source": "SECUNIA" }, { "#text": "http://secunia.com/advisories/28073", "@id": "SA28073", "@source": "SECUNIA" }, { "#text": "http://www.frsirt.com/english/advisories/2007/4201", "@id": "FrSIRT/ADV-2007-4201", "@source": "FRSIRT" }, { "#text": "http://www.frsirt.com/english/advisories/2007/4202", "@id": "FrSIRT/ADV-2007-4202", "@source": "FRSIRT" }, { "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html", "@id": "CWE-79", "@title": "Cross-site Scripting(CWE-79)" } ], "title": "Cross-site scripting vulnerability in Apache HTTP Server \"mod_imap\" and \"mod_imagemap\"" }