Vulnerability CVE-2007-0514

Vulnerability Name:

CVE-2007-0514 (CCN-31959)

Assigned:

2007-01-24

Published:

2007-01-24

Updated:

2011-03-08

Summary:

Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.

CVSS v3 Severity:

4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Athentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2007-0514

Source: OSVDB
Type: UNKNOWN
32997

Source: OSVDB
Type: UNKNOWN
32998

Source: CCN
Type: SA23843
Hitachi Web Server Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
23843

Source: CCN
Type: Hitachi Security Vulnerability Information HS06-022-01
Multiple Vulnerabilities of Hitachi Web Server

Source: CONFIRM
Type: Patch, Vendor Advisory
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html

Source: CCN
Type: OSVDB ID: 32997
Hitachi Web Server HTTP Expect Header XSS

Source: CCN
Type: OSVDB ID: 32998
Hitachi Web Server Image Maps XSS

Source: CCN
Type: BID-22234
Hitachi Web Server Multiple Vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2007-0326

Source: XF
Type: UNKNOWN
hws-imagemap-xss(31959)

Vulnerable Configuration:

Configuration 1:

cpe:/a:hitachi:cosminexus_application_server:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*

OR cpe:/a:hitachi:cosminexus_application_server_version_5:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:cosminexus_developer_light_version_6:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:cosminexus_developer_professional_version_6:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:cosminexus_developer_standard_version_6:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:cosminexus_developer_version_5:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:cosminexus_server_-_enterprise_edition:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:cosminexus_server_-_standard_edition:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:cosminexus_server_-_standard_edition_version_4:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:cosminexus_server_-_web_edition:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:cosminexus_server_-_web_edition_version_4:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:hitachi_web_server:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:*:*:enterprise:*:*:*:*:*

OR cpe:/a:hitachi:ucosminexus_application_server_smart_edition:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:ucosminexus_application_server_standard:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:ucosminexus_developer_light:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*

OR cpe:/a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*

Denotes that component is vulnerable

Vulnerability Name:

CVE-2007-0514 (CCN-31960)

Assigned:

2007-01-24

Published:

2007-01-24

Updated:

2011-03-08

Summary:

CVSS v3 Severity:

4.8 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Authentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

4.0 Medium (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N)
3.5 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Access Complexity (AC): Athentication (Au):
Impact Metrics:	Confidentiality (C): Integrity (I): Availibility (A):

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2007-0514

Source: CCN
Type: SA23843
Hitachi Web Server Multiple Vulnerabilities

Source: CCN
Type: Hitachi Security Vulnerability Information HS06-022-01
Multiple Vulnerabilities of Hitachi Web Server

Source: CCN
Type: OSVDB ID: 32997
Hitachi Web Server HTTP Expect Header XSS

Source: CCN
Type: OSVDB ID: 32998
Hitachi Web Server Image Maps XSS

Source: CCN
Type: BID-22234
Hitachi Web Server Multiple Vulnerabilities

Source: XF
Type: UNKNOWN
hws-expectheader-xss(31960)

BACK