Lucene search

[email protected]CVE-2007-5810

HistoryNov 05, 2007 - 5:46 p.m.

CVE-2007-5810

2007-11-0517:46:00

CWE-20

[email protected]

web.nvd.nist.gov

hitachi web server

ssl validation

authentication spoofing

cve-2007-5810

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.3%

JSON

Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature.

Affected configurations

NVD

Node

hitachicosminexus_application_server_enterpriseRange≤06_51_j

hitachicosminexus_application_server_standardRange≤06_51_j

hitachicosminexus_developer_light_version_6Range≤06_51_j

hitachicosminexus_developer_professional_version_6Range≤06_51_j

hitachicosminexus_developer_standard_version_6Range≤06_51_j

hitachicosminexus_serverRange≤04_01

hitachiucosminexus_application_server_enterpriseRange≤07_50_01

hitachiucosminexus_application_server_standardRange≤07_50_01

hitachiucosminexus_developer_lightRange≤06_71_d

hitachiucosminexus_developer_professionalRange≤07_50_01

hitachiucosminexus_developer_standardRange≤07_50_01

hitachiucosminexus_service_architectRange≤07_50_01

hitachiucosminexus_service_platformRange≤07_50_01

hitachiweb_serverMatch01_00hpux

hitachiweb_serverMatch01_00solaris

hitachiweb_serverMatch01_01aix

hitachiweb_serverMatch01_01linux

hitachiweb_serverMatch01_01turbolinux

hitachiweb_serverMatch01_01_dlinux

hitachiweb_serverMatch01_02_dhpux

hitachiweb_serverMatch01_02_dsolaris

hitachiweb_serverMatch01_02_eaix

hitachiweb_serverMatch02_00aix

hitachiweb_serverMatch02_00hpux

hitachiweb_serverMatch02_00linux

hitachiweb_serverMatch02_00solaris

hitachiweb_serverMatch02_00turbolinux

hitachiweb_serverMatch02_00windows

hitachiweb_serverMatch02_00_alinux

hitachiweb_serverMatch02_02hpux

hitachiweb_serverMatch02_02hpux\(ipf\)

hitachiweb_serverMatch02_02linux

hitachiweb_serverMatch02_04_baix

hitachiweb_serverMatch02_04_bhpux

hitachiweb_serverMatch02_04_bhpux\(ipf\)

hitachiweb_serverMatch02_04_bsolaris

hitachiweb_serverMatch02_04_bwindows

hitachiweb_serverMatch02_06_alinux

hitachiweb_serverMatch03_00aix

hitachiweb_serverMatch03_00hpux\(ipf\)

hitachiweb_serverMatch03_00linux

hitachiweb_serverMatch03_00windows

hitachiweb_serverMatch03_00_01solaris

hitachiweb_serverMatch03_00_01windows

CPENameOperatorVersion
hitachi:cosminexus_application_server_enterprisehitachi cosminexus application server enterprisele06_51_j
hitachi:cosminexus_application_server_standardhitachi cosminexus application server standardle06_51_j
hitachi:cosminexus_developer_light_version_6hitachi cosminexus developer light version 6le06_51_j
hitachi:cosminexus_developer_professional_version_6hitachi cosminexus developer professional version 6le06_51_j
hitachi:cosminexus_developer_standard_version_6hitachi cosminexus developer standard version 6le06_51_j
hitachi:cosminexus_serverhitachi cosminexus serverle04_01
hitachi:ucosminexus_application_server_enterprisehitachi ucosminexus application server enterprisele07_50_01
hitachi:ucosminexus_application_server_standardhitachi ucosminexus application server standardle07_50_01
hitachi:ucosminexus_developer_lighthitachi ucosminexus developer lightle06_71_d
hitachi:ucosminexus_developer_professionalhitachi ucosminexus developer professionalle07_50_01

CPE	Name	Operator	Version
hitachi:cosminexus_application_server_enterprise	hitachi cosminexus application server enterprise	le	06_51_j
hitachi:cosminexus_application_server_standard	hitachi cosminexus application server standard	le	06_51_j
hitachi:cosminexus_developer_light_version_6	hitachi cosminexus developer light version 6	le	06_51_j
hitachi:cosminexus_developer_professional_version_6	hitachi cosminexus developer professional version 6	le	06_51_j
hitachi:cosminexus_developer_standard_version_6	hitachi cosminexus developer standard version 6	le	06_51_j
hitachi:cosminexus_server	hitachi cosminexus server	le	04_01
hitachi:ucosminexus_application_server_enterprise	hitachi ucosminexus application server enterprise	le	07_50_01
hitachi:ucosminexus_application_server_standard	hitachi ucosminexus application server standard	le	07_50_01
hitachi:ucosminexus_developer_light	hitachi ucosminexus developer light	le	06_71_d
hitachi:ucosminexus_developer_professional	hitachi ucosminexus developer professional	le	07_50_01

Rows per page:

1-10 of 251

References

osvdb.org/42026

secunia.com/advisories/27421

www.hitachi-support.com/security_e/vuls_e/HS07-034_e/index-e.html

www.securityfocus.com/bid/26271

www.vupen.com/english/advisories/2007/3666

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.3%

JSON

Related for CVE-2007-5810

cvelist1 nvd1 prion1 cisco1