Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.01194.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Hitachi Subscribe
Cosminexus Application Server Subscribe
Cosminexus Application Server Version 5 Subscribe
Cosminexus Developer Light Version 6 Subscribe
Cosminexus Developer Professional Version 6 Subscribe
Cosminexus Developer Standard Version 6 Subscribe
Cosminexus Developer Version 5 Subscribe
Cosminexus Server - Enterprise Edition Subscribe
Cosminexus Server - Standard Edition Subscribe
Cosminexus Server - Standard Edition Version 4 Subscribe
Cosminexus Server - Web Edition Subscribe
Cosminexus Server - Web Edition Version 4 Subscribe
Hitachi Web Server Subscribe
Ucosminexus Application Server Enterprise Subscribe
Ucosminexus Application Server Smart Edition Subscribe
Ucosminexus Application Server Standard Subscribe
Ucosminexus Developer Light Subscribe
Ucosminexus Developer Standard Subscribe
Ucosminexus Service Architect Subscribe
Ucosminexus Service Platform Subscribe

Configuration 1 [-]

OR cpe:2.3:a:hitachi:cosminexus_application_server:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_application_server:6:*:enterprise:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_application_server_version_5:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_developer_light_version_6:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_developer_version_5:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_server_-_enterprise_edition:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_server_-_standard_edition_version_4:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_server_-_web_edition:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:cosminexus_server_-_web_edition_version_4:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:hitachi_web_server:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:*:*:enterprise:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_application_server_smart_edition:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_application_server_standard:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_developer_light:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*
cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*

No data.

No data.

Advisories
Source ID Title
EUVD EUVD EUVD-2007-0512 Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus products before 20070124 allow remote attackers to inject arbitrary web script or HTML via (1) HTTP Expect headers or (2) image maps.
Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References
Link Providers
http://osvdb.org/32997 cve-icon cve-icon
http://osvdb.org/32998 cve-icon cve-icon
http://secunia.com/advisories/23843 cve-icon cve-icon
http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html cve-icon cve-icon
http://www.vupen.com/english/advisories/2007/0326 cve-icon cve-icon
History

No history.

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T12:19:30.531Z

Reserved: 2007-01-25T00:00:00

Link: CVE-2007-0514

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2007-01-26T00:28:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-0514

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses