Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-5810

Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature.

Published

2007-11-05T17:46:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	hitachi	cosminexus_application_server_enterprise	≤ 06_51_j	Yes
Application	hitachi	cosminexus_application_server_standard	≤ 06_51_j	Yes
Application	hitachi	cosminexus_developer_light_version_6	≤ 06_51_j	Yes
Application	hitachi	cosminexus_developer_professional_version_6	≤ 06_51_j	Yes
Application	hitachi	cosminexus_developer_standard_version_6	≤ 06_51_j	Yes
Application	hitachi	cosminexus_server	≤ 04_01	Yes
Application	hitachi	ucosminexus_application_server_enterprise	≤ 07_50_01	Yes
Application	hitachi	ucosminexus_application_server_standard	≤ 07_50_01	Yes
Application	hitachi	ucosminexus_developer_light	≤ 06_71_d	Yes
Application	hitachi	ucosminexus_developer_professional	≤ 07_50_01	Yes
Application	hitachi	ucosminexus_developer_standard	≤ 07_50_01	Yes
Application	hitachi	ucosminexus_service_architect	≤ 07_50_01	Yes
Application	hitachi	ucosminexus_service_platform	≤ 07_50_01	Yes
Application	hitachi	web_server	01_00	Yes
Application	hitachi	web_server	01_00	Yes
Application	hitachi	web_server	01_01	Yes
Application	hitachi	web_server	01_01	Yes
Application	hitachi	web_server	01_01	Yes
Application	hitachi	web_server	01_01_d	Yes
Application	hitachi	web_server	01_02_d	Yes
Application	hitachi	web_server	01_02_d	Yes
Application	hitachi	web_server	01_02_e	Yes
Application	hitachi	web_server	02_00	Yes
Application	hitachi	web_server	02_00	Yes
Application	hitachi	web_server	02_00	Yes
Application	hitachi	web_server	02_00	Yes
Application	hitachi	web_server	02_00	Yes
Application	hitachi	web_server	02_00	Yes
Application	hitachi	web_server	02_00_a	Yes
Application	hitachi	web_server	02_02	Yes
Application	hitachi	web_server	02_02	Yes
Application	hitachi	web_server	02_02	Yes
Application	hitachi	web_server	02_04_b	Yes
Application	hitachi	web_server	02_04_b	Yes
Application	hitachi	web_server	02_04_b	Yes
Application	hitachi	web_server	02_04_b	Yes
Application	hitachi	web_server	02_04_b	Yes
Application	hitachi	web_server	02_06_a	Yes
Application	hitachi	web_server	03_00	Yes
Application	hitachi	web_server	03_00	Yes
Application	hitachi	web_server	03_00	Yes
Application	hitachi	web_server	03_00	Yes
Application	hitachi	web_server	03_00_01	Yes
Application	hitachi	web_server	03_00_01	Yes

References

http://osvdb.org/42026 ([email protected])
http://secunia.com/advisories/27421 Patch, Vendor Advisory ([email protected])
http://www.hitachi-support.com/security_e/vuls_e/HS07-034_e/index-e.html Patch ([email protected])
http://www.securityfocus.com/bid/26271 ([email protected])
http://www.vupen.com/english/advisories/2007/3666 ([email protected])
http://osvdb.org/42026 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/27421 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.hitachi-support.com/security_e/vuls_e/HS07-034_e/index-e.html Patch (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/26271 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/3666 (af854a3a-2127-422b-91ae-364da2661108)