2 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 44EXPL: 0

Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Hitachi Web Server 01-00 hasta 03-10, tal y como se usa en determinados productos Cosminexus, permite a atacantes remotos inyectar scripts web o HTML de su elección mediante peticiones HTTP no especificadas que disparan la creación de una página estado-de-servidor. • http://osvdb.org/42027 http://secunia.com/advisories/27421 http://www.hitachi-support.com/security_e/vuls_e/HS07-035_e/index-e.html http://www.securityfocus.com/bid/26271 http://www.vupen.com/english/advisories/2007/3666 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 44EXPL: 0

Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature. Hitachi Web Server 01-00 hasta 03-00-01, tal y como se usa en determinados productos Cosminexus, no valida apropiadamente certificados SSL cliente, lo cual podría permitir a atacantes remotos suplantar autenticación mediante un certificado cliente con una firma falsificada. • http://osvdb.org/42026 http://secunia.com/advisories/27421 http://www.hitachi-support.com/security_e/vuls_e/HS07-034_e/index-e.html http://www.securityfocus.com/bid/26271 http://www.vupen.com/english/advisories/2007/3666 • CWE-20: Improper Input Validation •