Vulnerability Name:

CVE-2007-5809 (CCN-35097)

Assigned: 2007-06-26
Published: 2007-06-26
Updated: 2011-03-08
Summary: Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-79
Vulnerability Consequences: Gain Access
References: Source: MITRE
Type: CNA
CVE-2006-5752

Source: MITRE
Type: CNA
CVE-2007-5809

Source: CCN
Type: HP Security Bulletin HPSBUX02262 SSRT071447
HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS)

Source: CCN
Type: Apache HTTP Server Web site
Welcome! - The Apache HTTP Server Project

Source: CCN
Type: Apache Web site
moderate: mod_status cross-site scripting CVE-2006-5752

Source: OSVDB
Type: UNKNOWN
42027

Source: CCN
Type: RHSA-2007-0532
Moderate: apache security update

Source: CCN
Type: RHSA-2007-0533
Moderate: httpd security update

Source: CCN
Type: RHSA-2007-0534
Moderate: httpd security update

Source: CCN
Type: RHSA-2007-0556
Moderate: httpd security update

Source: CCN
Type: RHSA-2007-0557
Moderate: httpd security update

Source: CCN
Type: RHSA-2008-0261
Moderate: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2008-0263
Low: Red Hat Network Proxy Server security update

Source: CCN
Type: RHSA-2008-0523
Low: Red Hat Network Proxy Server security update

Source: CCN
Type: RHSA-2008-0524
Low: Red Hat Network Satellite Server security update

Source: CCN
Type: RHSA-2010-0602
Moderate: Red Hat Certificate System 7.3 security update

Source: CCN
Type: SA26273
Apache Denial of Service and Cross-Site Scripting

Source: CCN
Type: SA26458
IBM HTTP Server "mod_status" Cross-Site Scripting

Source: CCN
Type: SA26508
Avaya Products Perl Net::DNS and Apache Vulnerabilities

Source: CCN
Type: SA26993
IBM WebSphere Application Server for z/OS HTTP Server Vulnerabilities

Source: CCN
Type: SA27421
Hitachi Web Server Multiple Vulnerabilities

Source: SECUNIA
Type: Vendor Advisory
27421

Source: CCN
Type: SA28212
Sun Solaris Apache Cross-Site Scripting and Denial of Service

Source: CCN
Type: SA28224
Sun Solaris Apache Cross-Site Scripting and Denial of Service

Source: CCN
Type: SA28606
Interstage HTTP Server Multiple Vulnerabilities

Source: CCN
Type: SECTRACK ID: 1018302
Apache mod_status Input Validation Hole Permits Cross-Site Scripting Attacks

Source: CCN
Type: Sun Alert ID: 103179
Security Vulnerabilities in the Apache 1.3 and 2.0 Web Server Daemon and "mod_status" Module May Lead to Cross Site Scripting (XSS) or Denial of Service (DoS).

Source: CCN
Type: ASA-2007-288
Apache security update (RHSA-2007-0532)

Source: CCN
Type: ASA-2007-327
httpd security update (RHSA-2007-0533 and RHSA-2007-0534)

Source: CCN
Type: ASA-2007-353
httpd security update (RHSA-2007-0557)

Source: CCN
Type: ASA-2007-416
HP-UX running Apache, Remote Arbitrary Code Execution, Cross Site Scripting (XSS) (HPSBUX02262)

Source: CCN
Type: ASA-2008-012
Security Vulnerabilities in the Apache 1.3 and 2.0 Web Server Daemon and "mod_status" Module May Lead to Cross Site Scripting (XSS) or Denial of Service (DoS) (SUN 103179)

Source: CCN
Type: Nortel BULLETIN ID: 2008008602, Rev 1
Nortel Response to Apache 1.3 and 2.0 Web Server Daemon Vulnerabilities

Source: CCN
Type: APAR PK53584
IBM HTTP SERVER 2.0.47 CUMULATIVE E-FIX

Source: CCN
Type: APAR PK49295
CVE-2006-5752 MOD_STATUS CROSS-SITE SCRIPTING VULNERABILITY

Source: CCN
Type: APAR PK52702
Z/OS IBM HTTP SERVER FOR WEBSPHERE (POWERED BY APACHE) FIX PACK 6.1.0.13

Source: CCN
Type: FUJITSU Web site
Cross site scripting (XSS) and denial of service (DoS) vulnerabilities in Interstage HTTP Server. January 22nd, 2008

Source: CCN
Type: GLSA-200711-06
Apache: Multiple vulnerabilities

Source: CCN
Type: Hitachi Security Vulnerability Information HS07-035
Cross-Site Scripting Vulnerability in Hitachi Web Server Function for Creating Server-Status Pages

Source: CONFIRM
Type: UNKNOWN
http://www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html

Source: CCN
Type: Oracle Web Site
Oracle Critical Patch Update - July 2013

Source: CCN
Type: OSVDB ID: 37052
Apache HTTP Server mod_status mod_status.c Unspecified XSS

Source: CCN
Type: OSVDB ID: 42027
Hitachi Web Server Server-status Page Creation Unspecified XSS

Source: CCN
Type: BID-24645
Apache HTTP Server Mod_Status Cross-Site Scripting Vulnerability

Source: BID
Type: UNKNOWN
26271

Source: CCN
Type: BID-26271
Hitachi Web Server HTML Injection Vulnerability and Signature Forgery Vulnerability

Source: CCN
Type: TLSA-2007-41
Two vulnerabilities discovered in httpd

Source: CCN
Type: USN-499-1
Apache vulnerabilities

Source: VUPEN
Type: UNKNOWN
ADV-2007-3666

Source: XF
Type: UNKNOWN
apache-modstatus-xss(35097)

Source: SUSE
Type: SUSE-SA:2007:061
Apache2 security issues

Vulnerable Configuration: Configuration 1:
  • cpe:/a:hitachi:cosminexus_application_server_enterprise:*:*:*:*:*:*:*:* (Version <= 06_51_j)
  • OR cpe:/a:hitachi:cosminexus_application_server_standard:*:*:*:*:*:*:*:* (Version <= 06_51_j)
  • OR cpe:/a:hitachi:cosminexus_developer_light_version_6:*:*:*:*:*:*:*:* (Version <= 06_51_j)
  • OR cpe:/a:hitachi:cosminexus_developer_professional_version_6:*:*:*:*:*:*:*:* (Version <= 06_51_j)
  • OR cpe:/a:hitachi:cosminexus_developer_standard_version_6:*:*:*:*:*:*:*:* (Version <= 06_51_j)
  • OR cpe:/a:hitachi:cosminexus_server:*:*:*:*:*:*:*:* (Version <= 04_01)
  • OR cpe:/a:hitachi:ucosminexus_application_server_enterprise:*:*:*:*:*:*:*:* (Version <= 07_50_01)
  • OR cpe:/a:hitachi:ucosminexus_application_server_standard:*:*:*:*:*:*:*:* (Version <= 07_50_01)
  • OR cpe:/a:hitachi:ucosminexus_developer_light:*:*:*:*:*:*:*:* (Version <= 06_71_d)
  • OR cpe:/a:hitachi:ucosminexus_developer_professional:*:*:*:*:*:*:*:* (Version <= 07_50_01)
  • OR cpe:/a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:* (Version <= 07_50_01)
  • OR cpe:/a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:* (Version <= 07_50_01)
  • OR cpe:/a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:* (Version <= 07_50_01)
  • OR cpe:/a:hitachi:web_server:01_00:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:01_00:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:01_01:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:01_01:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:01_01:*:turbolinux:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:01_01_d:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:01_02_d:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:01_02_d:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:01_02_e:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_00:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_00:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_00:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_00:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_00:*:turbolinux:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_00:*:windows:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_00_a:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_02:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_02:*:hpux(ipf):*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_02:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_04_b:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_04_b:*:hpux:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_04_b:*:hpux(ipf):*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_04_b:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_04_b:*:windows:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:02_06_a:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:03_00:*:aix:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:03_00:*:hpux(ipf):*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:03_00:*:linux:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:03_00:*:windows:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:03_00_01:*:solaris:*:*:*:*:*
  • OR cpe:/a:hitachi:web_server:03_00_01:*:windows:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:apache:http_server:2.0.60:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:1.3.37:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.0.59:*:*:*:*:*:*:*
  • OR cpe:/a:apache:http_server:2.2.4:*:*:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:6.1:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:certificate_system:7.3:*:*:*:*:*:*:*
  • AND
  • cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.11:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/a:ibm:http_server:2.0.47:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.23:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*
  • OR cpe:/o:novell:linux_desktop:9:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/a:avaya:message_networking:-:*:*:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.0::oss:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:suse:suse_linux:10.1::personal:*:*:*:*:*
  • OR cpe:/o:novell:suse_linux_enterprise_server:10:sp2:itanium_ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0::x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*
  • OR cpe:/o:turbolinux:turbolinux:fuji:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0::x86-64:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:7.04:*:*:*:*:*:*:*
  • OR cpe:/o:hp:hp-ux:b.11.31:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007.1::x86-64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:4.5.z::es:*:*:*:*:*
  • OR cpe:/a:novell:open_enterprise_server:*:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:network_proxy:4.2:*:*:*:*:*:*:*
  • OR cpe:/a:redhat:network_proxy:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.2:*:*:*:*:*:*:*
  • OR cpe:/o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
  • OR cpe:/a:oracle:http_server:-:*:*:*:*:*:*:*
