Hitachi Web Server Multiple Vulnerabilities

Bugtraq ID:	22234
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 25 2007 12:00AM
Updated:	Dec 18 2008 02:11PM
Credit:	The vendor disclosed these issues.
Vulnerable:	Hitachi Web Server for VOS3 0 Hitachi Web Server - Security Enhancement 0 Hitachi Web Server - Custom Edition 0 Hitachi Web Server 0 Hitachi uCosminexus Service Platform 0 Hitachi uCosminexus Service Architect 0 Hitachi uCosminexus Developer Standard 0 Hitachi uCosminexus Developer Professional 0 Hitachi uCosminexus Developer Light 0 Hitachi uCosminexus Application Server Standard 0 Hitachi uCosminexus Application Server Smart Edition 0 Hitachi uCosminexus Application Server Enterprise 09-80 (Windows(x64)) Hitachi Cosminexus Server Web Edition 4 Hitachi Cosminexus Server Web Edition 0 Hitachi Cosminexus Server Standard Edition 4 Hitachi Cosminexus Server Standard Edition 0 Hitachi Cosminexus Server - Enterprise Edition 0 Hitachi Cosminexus Developer Standard 6 Hitachi Cosminexus Developer Professional 6 Hitachi Cosminexus Developer 5 Hitachi Cosminexus Application Server Standard 6 Hitachi Cosminexus Application Server Enterprise 6 Hitachi Cosminexus Application Server 5.0
Not Vulnerable:	Hitachi Web Server 03-00-01 (Windows) Hitachi Web Server 03-00-01 (Solaris) Hitachi Web Server 03-00-01 (HP-UX) Hitachi Web Server 03-00-01 (AIX) Hitachi Web Server 02-06-/A (Linux) Hitachi Web Server 02-04-/B (Solaris) Hitachi Web Server 02-04-/B (HP-UX) Hitachi Web Server 02-04-/B (HP-UX IPF) Hitachi Web Server 02-04-/B (AIX) Hitachi Web Server 02-04-/A (Windows IP

Hitachi Web Server Multiple Vulnerabilities

Hitachi Web Server is prone to multiple vulnerabilities.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user or to bypass certain security restrictions. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Hitachi Web Server Multiple Vulnerabilities

Attackers can exploit these issues by using readily available networking tools and by enticing victims into following malicious links.

Hitachi Web Server Multiple Vulnerabilities

Solution:
The vendor released an advisory and fixes to address these issues. Please see the references for more information.

Hitachi Web Server Multiple Vulnerabilities

References:

• Hitachi Home Page (Hitachi)
  
• HS06-022: Multiple Vulnerabilities of Hitachi Web Server (Hitachi)