ID

VAR-201104-0325


TITLE

Hitachi Web Server 'RequestHeader' Directive Information Disclosure Vulnerability

Trust: 0.9

sources: CNVD: CNVD-2011-1627 // BID: 47586

DESCRIPTION

Hitachi Web Server is a web server used in Hitachi products. An error in its SSL protocol handling allows arbitrary plaintext to be injected: the TLS protocol is handled incorrectly during session negotiation, so a man-in-the-middle attacker can inject arbitrary cleartext before the legitimate client sends data. Attackers can exploit this issue to obtain potentially sensitive information that may aid in further attacks.

TITLE: Hitachi Web Server Two Vulnerabilities

SECUNIA ADVISORY ID: SA44309

VERIFY ADVISORY: http://secunia.com/advisories/44309/

RELEASE DATE: 2011-04-26

DESCRIPTION: Two vulnerabilities have been reported in Hitachi Web Server, which can be exploited by malicious people to disclose sensitive information and manipulate certain data.

1) An error in the SSL protocol can be exploited to insert arbitrary plaintext.

This may be related to vulnerability #3 in: SA38776

Please see the vendor's advisory for the list of affected versions.

SOLUTION: Apply patches. Please see the vendor's advisory for more information.

PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.

ORIGINAL ADVISORY:
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-006/index.html
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS11-007/index.html

Trust: 1.71

sources: CNVD: CNVD-2011-1626 // CNVD: CNVD-2011-1627 // BID: 47586 // BID: 47585 // PACKETSTORM: 100837

IOT TAXONOMY

category: ['ICS'] | sub_category: -

Trust: 1.2

sources: CNVD: CNVD-2011-1626 // CNVD: CNVD-2011-1627

AFFECTED PRODUCTS

vendor: hitachi | model: web server | scope: eq | version: 03-00-01

Trust: 4.8

vendor: hitachi | model: web server 02-04-/b | scope: - | version: -

Trust: 4.2

vendor: hitachi | model: web server | scope: eq | version: 02-00

Trust: 4.2

vendor: hitachi | model: web server | scope: eq | version: 02-03

Trust: 4.2

vendor: hitachi | model: web server | scope: eq | version: 02-02

Trust: 4.2

vendor: hitachi | model: web server | scope: eq | version: 03-00

Trust: 4.2

vendor: hitachi | model: web server 02-04-/c | scope: - | version: -

Trust: 3.6

vendor: hitachi | model: web server 02-04-/a | scope: - | version: -

Trust: 3.0

vendor: hitachi | model: web server | scope: eq | version: 03-00-02

Trust: 3.0

vendor: hitachi | model: web server | scope: eq | version: 03-10

Trust: 3.0

vendor: hitachi | model: web server 02-04-/f | scope: - | version: -

Trust: 3.0

vendor: hitachi | model: web server | scope: eq | version: 01-01

Trust: 2.4

vendor: hitachi | model: web server | scope: eq | version: 02-01

Trust: 2.4

vendor: hitachi | model: web server 02-04-/e | scope: - | version: -

Trust: 2.4

vendor: hitachi | model: web server security enhancement | scope: eq | version: -0

Trust: 1.8

vendor: hitachi | model: web server custom edition | scope: eq | version: -0

Trust: 1.8

vendor: hitachi | model: web server 01-02-/b | scope: - | version: -

Trust: 1.8

vendor: hitachi | model: web server | scope: eq | version: 03-10-01

Trust: 1.8

vendor: hitachi | model: web server 01-02-/c | scope: - | version: -

Trust: 1.8

vendor: hitachi | model: web server 01-02-/d | scope: - | version: -

Trust: 1.8

vendor: hitachi | model: web server | scope: eq | version: 01-02

Trust: 1.8

vendor: hitachi | model: web server 01-02-/a | scope: - | version: -

Trust: 1.8

vendor: hitachi | model: web server | scope: eq | version: 03-00-05

Trust: 1.8

vendor: hitachi | model: web server 01-01-/d | scope: - | version: -

Trust: 1.2

vendor: hitachi | model: web server | scope: eq | version: 01-00

Trust: 1.2

vendor: hitachi | model: web server 01-02-/e | scope: - | version: -

Trust: 1.2

vendor: hitachi | model: web server 02-04-/d | scope: - | version: -

Trust: 1.2

vendor: hitachi | model: web server | scope: eq | version: 02-04

Trust: 1.2

vendor: hitachi | model: web server | scope: eq | version: 04-10-02

Trust: 1.2

vendor: hitachi | model: web server | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 03-00-01(*2)

Trust: 0.6

vendor: hitachi | model: web server (hp-ux | scope: eq | version: 02-0011.0)

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 03-00-04

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 04-00-02

Trust: 0.6

vendor: hitachi | model: web server linux | scope: eq | version: 04-10-01

Trust: 0.6

vendor: hitachi | model: web server 02-06-/f | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server 02-06-/a | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server 01-02-/d (solari | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server (hp-ux | scope: eq | version: 03-00-0111.0

Trust: 0.6

vendor: hitachi | model: web server ) | scope: eq | version: 02-03

Trust: 0.6

vendor: hitachi | model: web server 04-10 | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 03-00-2

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 0

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 04-10-01

Trust: 0.6

vendor: hitachi | model: web server 02-06-/b | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 03-10-03

Trust: 0.6

vendor: hitachi | model: web server (linux ap8 | scope: eq | version: 02-00(*2)

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 03-00-03

Trust: 0.6

vendor: hitachi | model: web server 02-04/-e | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server linux | scope: eq | version: 04-00

Trust: 0.6

vendor: hitachi | model: web server 04-00. | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server 02-00/a | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 04-00-04

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 02-05

Trust: 0.6

vendor: hitachi | model: web server 02-04-/b (hp-ux | scope: eq | version: 11.0

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 03-10-02

Trust: 0.6

vendor: hitachi | model: web server 02-04-/a (windows(ip | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server 02-04-/a (windows | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 03-10-04

Trust: 0.6

vendor: hitachi | model: web server ) | scope: eq | version: 02-04

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 04-10

Trust: 0.6

vendor: hitachi | model: web server 01-02-/d (hp-ux | scope: eq | version: 1

Trust: 0.6

vendor: hitachi | model: web server ) | scope: eq | version: 04-00

Trust: 0.6

vendor: hitachi | model: web server (hp-ux | scope: eq | version: 03-0011.0)

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 04-00

Trust: 0.6

vendor: hitachi | model: web server 2).(sola | scope: eq | version: 04-00-01(*

Trust: 0.6

vendor: hitachi | model: web server (hp-ux | scope: eq | version: 01-0011.0)

Trust: 0.6

vendor: hitachi | model: web server 04-00-03. | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server 02-00-/a | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server | scope: eq | version: 04-00-03

Trust: 0.6

vendor: hitachi | model: web server 02-04-/a (windows ip | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server 01-02-/d (hp-ux | scope: - | version: -

Trust: 0.6

vendor: hitachi | model: web server (linux for | scope: eq | version: 01-01(*2)

Trust: 0.6

vendor: hitachi | model: web server ) | scope: eq | version: 02-02

Trust: 0.6

vendor: hitachi | model: web server (hp-ux | scope: eq | version: 01-0010.20)

Trust: 0.3

sources: CNVD: CNVD-2011-1626 // CNVD: CNVD-2011-1627 // BID: 47586 // BID: 47585

THREAT TYPE

network

Trust: 0.6

sources: BID: 47586 // BID: 47585

TYPE

Unknown

Trust: 0.6

sources: BID: 47586 // BID: 47585

PATCH

title: Patch for Hitachi Web Server SSL / TLS Protocol Information Disclosure Vulnerability | url: https://www.cnvd.org.cn/patchinfo/show/3689

Trust: 0.6

title: Patch for Hitachi Web Server 'RequestHeader' Directive Information Disclosure Vulnerability | url: https://www.cnvd.org.cn/patchinfo/show/3679

Trust: 0.6

sources: CNVD: CNVD-2011-1626 // CNVD: CNVD-2011-1627

EXTERNAL IDS

db: SECUNIA | id: 44309

Trust: 1.4

db: BID | id: 47585

Trust: 0.9

db: BID | id: 47586

Trust: 0.9

db: CNVD | id: CNVD-2011-1626

Trust: 0.6

db: CNVD | id: CNVD-2011-1627

Trust: 0.6

db: HITACHI | id: HS11-007

Trust: 0.4

db: HITACHI | id: HS11-006

Trust: 0.4

db: PACKETSTORM | id: 100837

Trust: 0.1

sources: CNVD: CNVD-2011-1626 // CNVD: CNVD-2011-1627 // BID: 47586 // BID: 47585 // PACKETSTORM: 100837

REFERENCES

url:http://secunia.com/advisories/44309/

Trust: 1.3

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-007/index.html

Trust: 0.4

url:http://www.hitachi.co.jp/prod/comp/soft1/security/info/vuls/hs11-006/index.html

Trust: 0.4

url:http://www.hds.com/products/storage-software/hitachi-device-manager.html

Trust: 0.3

url:http://www.hitachi.com

Trust: 0.3

url:http://secunia.com/advisories/44309/#comments

Trust: 0.1

url:http://secunia.com/research/

Trust: 0.1

url:http://secunia.com/products/corporate/evm/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=44309

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/company/jobs/open_positions/reverse_engineer

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2011-1626 // CNVD: CNVD-2011-1627 // BID: 47586 // BID: 47585 // PACKETSTORM: 100837

CREDITS

Hitachi

Trust: 0.6

sources: BID: 47586 // BID: 47585

SOURCES

db: CNVD | id: CNVD-2011-1626
db: CNVD | id: CNVD-2011-1627
db: BID | id: 47586
db: BID | id: 47585
db: PACKETSTORM | id: 100837

LAST UPDATE DATE

2022-05-17T22:47:50.123000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2011-1626 | date: 2011-04-27T00:00:00
db: CNVD | id: CNVD-2011-1627 | date: 2011-04-27T00:00:00
db: BID | id: 47586 | date: 2015-03-19T08:35:00
db: BID | id: 47585 | date: 2011-04-26T00:00:00

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2011-1626 | date: 2011-04-27T00:00:00
db: CNVD | id: CNVD-2011-1627 | date: 2011-04-27T00:00:00
db: BID | id: 47586 | date: 2011-04-26T00:00:00
db: BID | id: 47585 | date: 2011-04-26T00:00:00
db: PACKETSTORM | id: 100837 | date: 2011-04-26T04:28:04