Hitachi uCosminexus Application Server Session Failover User Data Leak Vulnerability
BID:25145
Info
Hitachi uCosminexus Application Server Session Failover User Data Leak Vulnerability
| Bugtraq ID: | 25145 |
| Class: | Design Error |
| CVE: |
CVE-2007-4124 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 31 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
Hitachi uCosminexus/OpenTP1 Web Front-end Set 0 Hitachi uCosminexus Service Platform 0 Hitachi uCosminexus Service Architect 0 Hitachi uCosminexus ERP Integrator 0 Hitachi uCosminexus Developer Standard 0 Hitachi uCosminexus Developer Professional 0 Hitachi uCosminexus Collaboration Server 0 Hitachi uCosminexus Application Server Standard Version 6 Hitachi uCosminexus Application Server Standard 06-70-/B (Solaris) Hitachi uCosminexus Application Server Standard 06-70-/B (AIX) Hitachi uCosminexus Application Server Standard 06-70-/A (Solaris) Hitachi uCosminexus Application Server Standard 06-70-/A (AIX) Hitachi uCosminexus Application Server Standard 06-70 (Solaris) Hitachi uCosminexus Application Server Standard 0 Hitachi uCosminexus Application Server Smart Edition 0 Hitachi uCosminexus Application Server Enterprise Version 6 Hitachi uCosminexus Application Server Enterprise 09-80 (Windows(x64)) Hitachi uCosminexus Application Server Enterprise 06-70-/B (Solaris) Hitachi uCosminexus Application Server Enterprise 06-70-/B (AIX) Hitachi uCosminexus Application Server Enterprise 06-70-/A (Solaris) Hitachi uCosminexus Application Server Enterprise 06-70-/A (AIX) Hitachi uCosminexus Application Server Enterprise 06-70 (Solaris) Hitachi uCosminexus Application Server Enterprise 06-70 (AIX) Hitachi Groupmax Collaboration Server 0 Hitachi Electronic Form Workflow Standard Set 0 Hitachi Electronic Form Workflow Professional Library Set 0 Hitachi Electronic Form Workflow Developer Client Set 0 Hitachi Cosminexus/OpenTP1 Web Front-end Set 0 Hitachi Cosminexus ERP Integrator 0 Hitachi Cosminexus Developer Standard 6 Hitachi Cosminexus Developer Professional 6 Hitachi Cosminexus Developer Light 6 Hitachi Cosminexus Collaboration Server 0 Hitachi Cosminexus Application Server Standard 6 Hitachi Cosminexus Application Server Enterprise 6 |
| Not Vulnerable: | |
Discussion
Hitachi uCosminexus Application Server Session Failover User Data Leak Vulnerability
Hitachi uCosminexus Application Server is prone to a vulnerability where session data being used by one user might be used as the session data of another user.
An attacker can exploit this issue to gain unauthorized access to session information.
This issue affects the Hitachi uCosminexus Application Server, which is included in various Hitachi applications.
Hitachi uCosminexus Application Server is prone to a vulnerability where session data being used by one user might be used as the session data of another user.
An attacker can exploit this issue to gain unauthorized access to session information.
This issue affects the Hitachi uCosminexus Application Server, which is included in various Hitachi applications.
Exploit / POC
Hitachi uCosminexus Application Server Session Failover User Data Leak Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Hitachi uCosminexus Application Server Session Failover User Data Leak Vulnerability
Solution:
The vendor released an advisory and fixes for this issue. Please see the referenced advisory for details.
Solution:
The vendor released an advisory and fixes for this issue. Please see the referenced advisory for details.
References
Hitachi uCosminexus Application Server Session Failover User Data Leak Vulnerability
References:
References: