CVE-2007-5809

Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.

Published: Nov 5, 2007
Updated: Apr 13, 2023
CVE: CVE-2007-5809
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
hitachi / web_server	02_02	02_02.x
hitachi / ucosminexus_application_server_standard	-	07_50_01.x
hitachi / ucosminexus_developer_standard	-	07_50_01.x
hitachi / web_server	01_02_d	01_02_d.x
hitachi / web_server	02_00	02_00.x
hitachi / cosminexus_application_server_enterprise	-	06_51_j.x
hitachi / web_server	02_04_b	02_04_b.x
hitachi / ucosminexus_developer_light	-	06_71_d.x
hitachi / cosminexus_developer_standard_version_6	-	06_51_j.x
hitachi / ucosminexus_service_platform	-	07_50_01.x
hitachi / web_server	03_00	03_00.x
hitachi / cosminexus_application_server_standard	-	06_51_j.x
hitachi / web_server	01_02_e	01_02_e.x
hitachi / cosminexus_server	-	04_01.x
hitachi / web_server	03_00_01	03_00_01.x
hitachi / ucosminexus_application_server_enterprise	-	07_50_01.x
hitachi / ucosminexus_developer_professional	-	07_50_01.x
hitachi / web_server	01_00	01_00.x
hitachi / web_server	01_01	01_01.x
hitachi / cosminexus_developer_professional_version_6	-	06_51_j.x
hitachi / web_server	02_06_a	02_06_a.x
hitachi / cosminexus_developer_light_version_6	-	06_51_j.x
hitachi / web_server	02_00_a	02_00_a.x
hitachi / web_server	01_01_d	01_01_d.x
hitachi / ucosminexus_service_architect	-	07_50_01.x

Vulnerability Database

289,697

CVE-2007-5809