CVE-2007-5809

Hitachi Web Server <03-10 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.

References (5)

[Vendor Advisory] http://secunia.com/advisories/27421

[Various Sources] http://www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/26271

[Third Party Advisory, VDB Entry] http://osvdb.org/42027

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3666

Scores

EPSS 0.0035

EPSS Percentile 57.2%

Classification

CWE

CWE-79

Status draft

Affected Products (44)

hitachi/cosminexus_application_server_enterprise < 06_51_j

hitachi/cosminexus_application_server_standard < 06_51_j

hitachi/cosminexus_developer_light_version_6 < 06_51_j

hitachi/cosminexus_developer_professional_version_6 < 06_51_j

hitachi/cosminexus_developer_standard_version_6 < 06_51_j

hitachi/cosminexus_server < 04_01

hitachi/ucosminexus_application_server_enterprise < 07_50_01

hitachi/ucosminexus_application_server_standard < 07_50_01

hitachi/ucosminexus_developer_light < 06_71_d

hitachi/ucosminexus_developer_professional < 07_50_01

hitachi/ucosminexus_developer_standard < 07_50_01

hitachi/ucosminexus_service_architect < 07_50_01

hitachi/ucosminexus_service_platform < 07_50_01

hitachi/web_server

hitachi/web_server

... and 29 more

Timeline

Published Nov 05, 2007

Tracked Since Feb 18, 2026