CERTA-2007-AVI-314

Vulnerability from certfr_avis - Published: 2007-07-18 - Updated: 2007-07-18

Différentes vulnérabilités concernant plusieurs produits Hitachi ont été publiées.

Description

Cosminexus, Processing Kit for XML et le Developer's Kit for Java(TM) sont vulnérables à un dépassement de mémoire lors du traitement d'images au format GIF. Le TP1/Server Base est vulnérable à une attaque en deni de service et le JP1/NETM/DM Manager peut être utilisé par un utilisateur malveillant pour réaliser une injection SQL.

Solution

Se référer aux bulletins de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None
Impacted products
Vendor Product Description
Microsoft N/A Cosminexus;
N/A N/A Processing Kit for XML;
N/A N/A Developer's Kit for Java(TM);
N/A N/A TP1/Server Base sur HP-UX version 11.0 ou plus récente;
Microsoft Windows JP1/NETM/DM Manager pour Windows.
References

Show details on source website
To clipboard 

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cosminexus;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Processing Kit for XML;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Developer\u0027s Kit for Java(TM);",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "TP1/Server Base sur HP-UX version 11.0 ou plus r\u00e9cente;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "JP1/NETM/DM Manager pour Windows.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nCosminexus, Processing Kit for XML et le Developer\u0027s Kit for Java(TM)\nsont vuln\u00e9rables \u00e0 un d\u00e9passement de m\u00e9moire lors du traitement d\u0027images\nau format GIF. Le TP1/Server Base est vuln\u00e9rable \u00e0 une attaque en deni\nde service et le JP1/NETM/DM Manager peut \u00eatre utilis\u00e9 par un\nutilisateur malveillant pour r\u00e9aliser une injection SQL.\n\n## Solution\n\nSe r\u00e9f\u00e9rer aux bulletins de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [],
  "initial_release_date": "2007-07-18T00:00:00",
  "last_revision_date": "2007-07-18T00:00:00",
  "links": [
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de Secunia 26025, 25045 et 26052 du    23 juillet 2007 :",
      "url": "http://secunia.com/advisories/26052/"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de Secunia 26025, 25045 et 26052 du    23 juillet 2007 :",
      "url": "http://secunia.com/advisories/26025/"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 de Secunia 26025, 25045 et 26052 du    23 juillet 2007 :",
      "url": "http://secunia.com/advisories/26045/"
    }
  ],
  "reference": "CERTA-2007-AVI-314",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-07-18T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Diff\u00e9rentes vuln\u00e9rabilit\u00e9s concernant plusieurs produits Hitachi ont \u00e9t\u00e9\npubli\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans des produits Hitachi",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletins de s\u00e9curit\u00e9 Hitachi du 13 juillet 2007",
      "url": "http://www.hitachi-support.com/security_e/vuls_e/HS07-020_e/index-e.html"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.