9 results (0.003 seconds)

CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 0

Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Hitachi Web Server 01-00 hasta 03-10, tal y como se usa en determinados productos Cosminexus, permite a atacantes remotos inyectar scripts web o HTML de su elección mediante peticiones HTTP no especificadas que disparan la creación de una página estado-de-servidor. • http://osvdb.org/42027 http://secunia.com/advisories/27421 http://www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html http://www.securityfocus.com/bid/26271 http://www.vupen.com/english/advisories/2007/3666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 44EXPL: 0

Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature. Hitachi Web Server 01-00 hasta 03-00-01, tal y como se usa en determinados productos Cosminexus, no valida apropiadamente certificados SSL cliente, lo cual podría permitir a atacantes remotos suplantar autenticación mediante un certificado cliente con una firma falsificada. • http://osvdb.org/42026 http://secunia.com/advisories/27421 http://www.hitachi-support.com/security_e/vuls_e/HS07-034_e/index-e.html http://www.securityfocus.com/bid/26271 http://www.vupen.com/english/advisories/2007/3666 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 1%CPEs: 8EXPL: 0

The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus Developer's Kit for Java in various Hitachi Cosminexus 7.5 products before 07-50-01, when using JSSE for SSL/TLS support, allows remote attackers to cause a denial of service via certain SSL/TLS handshake requests. NOTE: this may be the same as CVE-2007-3698. La extensión Java Secure Socket Extension (JSSE) en el Hitachi Cosminexus Developer's Kit para Java de varios productos Hitachi Cosminexus 7.5 anteriores a 07-50-01, cuando usan JSSE para el soporte SSL/TLS, permite a atacantes remotos provocar una denegación de servicio mediante determinadas peticiones de negociación SSL/TLS. NOTA: podría ser la misma que CVE-2007-3698. • http://secunia.com/advisories/27075 http://www.hitachi-support.com/security_e/vuls_e/HS07-031_e/index-e.html http://www.securityfocus.com/bid/25935 http://www.vupen.com/english/advisories/2007/3375 https://exchange.xforce.ibmcloud.com/vulnerabilities/36965 • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 0%CPEs: 65EXPL: 0

The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus 7 and 7.5 can generate HTML documents that contain cross-site scripting (XSS) vulnerabilities, which allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this is probably the same issue as CVE-2007-3503. La herramienta javadoc del Kit para Java: Cosminexus Developer's de Cosminexus 7 y 7.5 puede generar documentos HTML que contienen vulnerabilidades de secuencias de comandos en sitios cruzados (XSS), lo cual permite a atacantes remotos inyectar scripts web o HTML de su elección mediante vectores no especificados. NOTA: esto es probablemente idéntico a CVE-2007-3503. • http://secunia.com/advisories/26671 http://www.hitachi-support.com/security_e/vuls_e/HS07-027_e/index-e.html http://www.securityfocus.com/bid/25518 http://www.vupen.com/english/advisories/2007/3033 https://exchange.xforce.ibmcloud.com/vulnerabilities/36393 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 1%CPEs: 56EXPL: 0

Multiple unspecified vulnerabilities in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service via unspecified vectors. Múltiples vulnerabilidades no especificadas en las APIs image-processing del Kit para Java: Cosminexus Developer's de Cosminexus 4 hasta 7 permiten a atacantes remotos provocar una denegación de servicio mediante vectores no especificados. • http://osvdb.org/37858 http://secunia.com/advisories/26538 http://www.hitachi-support.com/security_e/vuls_e/HS07-028_e/index-e.html http://www.vupen.com/english/advisories/2007/3034 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •