CVE-2007-5810
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
05/11/2007
Last modified:
08/03/2011
Description
Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature.
Impact
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:*:*:*:*:*:*:*:* | 06_51_j (including) | |
| cpe:2.3:a:hitachi:cosminexus_application_server_standard:*:*:*:*:*:*:*:* | 06_51_j (including) | |
| cpe:2.3:a:hitachi:cosminexus_developer_light_version_6:*:*:*:*:*:*:*:* | 06_51_j (including) | |
| cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6:*:*:*:*:*:*:*:* | 06_51_j (including) | |
| cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6:*:*:*:*:*:*:*:* | 06_51_j (including) | |
| cpe:2.3:a:hitachi:cosminexus_server:*:*:*:*:*:*:*:* | 04_01 (including) | |
| cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:*:*:*:*:*:*:*:* | 07_50_01 (including) | |
| cpe:2.3:a:hitachi:ucosminexus_application_server_standard:*:*:*:*:*:*:*:* | 07_50_01 (including) | |
| cpe:2.3:a:hitachi:ucosminexus_developer_light:*:*:*:*:*:*:*:* | 06_71_d (including) | |
| cpe:2.3:a:hitachi:ucosminexus_developer_professional:*:*:*:*:*:*:*:* | 07_50_01 (including) | |
| cpe:2.3:a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:* | 07_50_01 (including) | |
| cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:* | 07_50_01 (including) | |
| cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:* | 07_50_01 (including) | |
| cpe:2.3:a:hitachi:web_server:01_00:*:hpux:*:*:*:*:* | ||
| cpe:2.3:a:hitachi:web_server:01_00:*:solaris:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page