Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-5809

Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.

Published

2007-11-05T17:46:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
CWE-79

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hitachi	cosminexus_application_server_enterprise	≤ 06_51_j	Yes
Application	hitachi	cosminexus_application_server_standard	≤ 06_51_j	Yes
Application	hitachi	cosminexus_developer_light_version_6	≤ 06_51_j	Yes
Application	hitachi	cosminexus_developer_professional_version_6	≤ 06_51_j	Yes
Application	hitachi	cosminexus_developer_standard_version_6	≤ 06_51_j	Yes
Application	hitachi	cosminexus_server	≤ 04_01	Yes
Application	hitachi	ucosminexus_application_server_enterprise	≤ 07_50_01	Yes
Application	hitachi	ucosminexus_application_server_standard	≤ 07_50_01	Yes
Application	hitachi	ucosminexus_developer_light	≤ 06_71_d	Yes
Application	hitachi	ucosminexus_developer_professional	≤ 07_50_01	Yes
Application	hitachi	ucosminexus_developer_standard	≤ 07_50_01	Yes
Application	hitachi	ucosminexus_service_architect	≤ 07_50_01	Yes
Application	hitachi	ucosminexus_service_platform	≤ 07_50_01	Yes
Application	hitachi	web_server	01_00	Yes
Application	hitachi	web_server	01_00	Yes
Application	hitachi	web_server	01_01	Yes
Application	hitachi	web_server	01_01	Yes
Application	hitachi	web_server	01_01	Yes
Application	hitachi	web_server	01_01_d	Yes
Application	hitachi	web_server	01_02_d	Yes
Application	hitachi	web_server	01_02_d	Yes
Application	hitachi	web_server	01_02_e	Yes
Application	hitachi	web_server	02_00	Yes
Application	hitachi	web_server	02_00	Yes
Application	hitachi	web_server	02_00	Yes
Application	hitachi	web_server	02_00	Yes
Application	hitachi	web_server	02_00	Yes
Application	hitachi	web_server	02_00	Yes
Application	hitachi	web_server	02_00_a	Yes
Application	hitachi	web_server	02_02	Yes
Application	hitachi	web_server	02_02	Yes
Application	hitachi	web_server	02_02	Yes
Application	hitachi	web_server	02_04_b	Yes
Application	hitachi	web_server	02_04_b	Yes
Application	hitachi	web_server	02_04_b	Yes
Application	hitachi	web_server	02_04_b	Yes
Application	hitachi	web_server	02_04_b	Yes
Application	hitachi	web_server	02_06_a	Yes
Application	hitachi	web_server	03_00	Yes
Application	hitachi	web_server	03_00	Yes
Application	hitachi	web_server	03_00	Yes
Application	hitachi	web_server	03_00	Yes
Application	hitachi	web_server	03_00_01	Yes
Application	hitachi	web_server	03_00_01	Yes

References

http://osvdb.org/42027 ([email protected])
http://secunia.com/advisories/27421 Vendor Advisory ([email protected])
http://www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html ([email protected])
http://www.securityfocus.com/bid/26271 ([email protected])
http://www.vupen.com/english/advisories/2007/3666 ([email protected])
http://osvdb.org/42027 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27421 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/26271 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3666 (af854a3a-2127-422b-91ae-364da2661108)