CVEdetails.com the ultimate security vulnerability data source

Vulnerability Details : CVE-2007-3794

Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application.
Publish Date: 2007-07-15
Last Update Date: 2008-11-15

- CVSS Scores & Vulnerability Types

CVSS Score 10.0
Confidentiality Impact Complete (There is total information disclosure, resulting in all system files being revealed.)
Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
Availability Impact Complete (There is a total shutdown of the affected resource. The attacker can render the resource completely unavailable.)
Access Complexity Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit.)
Authentication Not required (Authentication is not required to exploit the vulnerability.)
Gained Access Admin
Vulnerability Type(s) Overflow
CWE ID CWE id is not defined for this vulnerability

- Products Affected By CVE-2007-3794

# Product Type Vendor Product Version Update Edition Language
1 Application Hitachi Cosminexus Application Server 05 00 05 00 H
2 Application Hitachi Cosminexus Application Server 05 00 05 00 R
3 Application Hitachi Cosminexus Application Server 05 01 05 01 K
4 Application Hitachi Cosminexus Application Server 05 02 05 02 E
5 Application Hitachi Cosminexus Application Server 05 05 05 00 O
6 Application Hitachi Cosminexus Application Server 05 05 05 05 H
7 Application Hitachi Cosminexus Application Server 05 05 05 05 L
8 Application Hitachi Cosminexus Application Server 06 00 06 00 A Enterprise
9 Application Hitachi Cosminexus Application Server 06 00 06 00 A Standard
10 Application Hitachi Cosminexus Application Server 06 00 06 00 B Standard
11 Application Hitachi Cosminexus Application Server 06 00 06 00 B Enterprise
12 Application Hitachi Cosminexus Application Server 06 00 06 00 D
13 Application Hitachi Cosminexus Application Server 06 00 06 00 D Enterprise
14 Application Hitachi Cosminexus Application Server 06 00 06 00 D Standard
15 Application Hitachi Cosminexus Application Server 06 00 06 00 E Enterprise
16 Application Hitachi Cosminexus Application Server 06 00 06 00 E Standard
17 Application Hitachi Cosminexus Application Server 06 00 06 00 G Enterprise
18 Application Hitachi Cosminexus Application Server 06 00 06 00 G Standard
19 Application Hitachi Cosminexus Application Server 06 02 06 02 F
20 Application Hitachi Cosminexus Application Server 06 02 06 02 F Enterprise
21 Application Hitachi Cosminexus Application Server 06 02 06 02 F Standard
22 Application Hitachi Cosminexus Application Server 06 50 06 50 B Enterprise
23 Application Hitachi Cosminexus Application Server 06 50 06 50 B Standard
24 Application Hitachi Cosminexus Application Server 06 50 06 50 C
25 Application Hitachi Cosminexus Application Server 06 50 06 50 C Enterprise
26 Application Hitachi Cosminexus Application Server 06 50 06 50 C Standard
27 Application Hitachi Cosminexus Application Server 06 50 06 50 D Enterprise
28 Application Hitachi Cosminexus Application Server 06 50 06 50 D Standard
29 Application Hitachi Cosminexus Application Server 06 50 06 50 E Standard
30 Application Hitachi Cosminexus Application Server 06 50 06 50 E Enterprise
31 Application Hitachi Cosminexus Application Server 06 50 06 50 F Enterprise
32 Application Hitachi Cosminexus Application Server 06 50 06 50 F Standard
33 Application Hitachi Cosminexus Application Server 06 51 06 51 B
34 Application Hitachi Cosminexus Application Server 06 51 06 51 B Enterprise
35 Application Hitachi Cosminexus Application Server 06 51 06 51 B Standard
36 Application Hitachi Cosminexus Application Server 06 51 06 51 C
37 Application Hitachi Cosminexus Application Server 06 51 06 51 G Enterprise
38 Application Hitachi Cosminexus Application Server 06 51 06 51 G Standard
39 Application Hitachi Cosminexus Client 06 00 06 00 G
40 Application Hitachi Cosminexus Client 06 02 06 02 F
41 Application Hitachi Cosminexus Client 06 50 06 50 E
42 Application Hitachi Cosminexus Client 06 51 06 51 G
43 Application Hitachi Cosminexus Developer 05 00 05 00 H
44 Application Hitachi Cosminexus Developer 05 01 05 01 K
45 Application Hitachi Cosminexus Developer 05 05 05 05 O
46 Application Hitachi Cosminexus Developer 06 00 06 00 G Light
47 Application Hitachi Cosminexus Developer 06 00 06 00 G Professional
48 Application Hitachi Cosminexus Developer 06 00 06 00 G Standard
49 Application Hitachi Cosminexus Developer 06 02 06 02 F Light
50 Application Hitachi Cosminexus Developer 06 02 06 02 F Professional
51 Application Hitachi Cosminexus Developer 06 02 06 02 F Standard
52 Application Hitachi Cosminexus Developer 06 50 06 50 E Light
53 Application Hitachi Cosminexus Developer 06 50 06 50 E Professional
54 Application Hitachi Cosminexus Developer 06 50 06 50 E Standard
55 Application Hitachi Cosminexus Developer 06 51 06 51 G Standard
56 Application Hitachi Cosminexus Developer 06 51 06 51 G Light
57 Application Hitachi Cosminexus Developer 06 51 06 51 G Professional
58 Application Hitachi Cosminexus Server 04 00 04 00 A Standard
59 Application Hitachi Cosminexus Server 04 00 04 00 A WEB
60 Application Hitachi Cosminexus Server 04 01 04 01 A Standard
61 Application Hitachi Cosminexus Server 04 01 04 01 A WEB
62 Application Hitachi Cosminexus Studio 04 00 04 00 A Standard
63 Application Hitachi Cosminexus Studio 04 00 04 00 A WEB
64 Application Hitachi Cosminexus Studio 04 01 04 01 A Standard
65 Application Hitachi Cosminexus Studio 04 01 04 01 A WEB
66 Application Hitachi Cosminexus Studio 05 05 05 05 O
67 Application Hitachi Ucosminexus Application Server 06 70 06 70 A Standard
68 Application Hitachi Ucosminexus Application Server 06 70 06 70 A Enterprise
69 Application Hitachi Ucosminexus Application Server 06 70 06 70 B Enterprise
70 Application Hitachi Ucosminexus Application Server 06 70 06 70 B Standard
71 Application Hitachi Ucosminexus Application Server 06 70 06 70 C Enterprise
72 Application Hitachi Ucosminexus Application Server 06 70 06 70 C Standard
73 Application Hitachi Ucosminexus Application Server 06 70 06 70 D Enterprise
74 Application Hitachi Ucosminexus Application Server 06 70 06 70 D Standard
75 Application Hitachi Ucosminexus Application Server 06 70 06 70 H Standard
76 Application Hitachi Ucosminexus Application Server 06 70 06 70 H Enterprise
77 Application Hitachi Ucosminexus Application Server 06 70 06 72 Enterprise
78 Application Hitachi Ucosminexus Application Server 06 70 06 72 Standard
79 Application Hitachi Ucosminexus Application Server 06 71 06 71 B Enterprise
80 Application Hitachi Ucosminexus Application Server 06 71 06 71 B Standard
81 Application Hitachi Ucosminexus Application Server 07 00 Enterprise
82 Application Hitachi Ucosminexus Application Server 07 00 Standard
83 Application Hitachi Ucosminexus Application Server 07 00 07 10 Standard
84 Application Hitachi Ucosminexus Application Server 07 00 07 10 Enterprise
85 Application Hitachi Ucosminexus Application Server 07 00 07 20 Enterprise
86 Application Hitachi Ucosminexus Application Server 07 00 07 20 Standard
87 Application Hitachi Ucosminexus Application Server 07 10 Enterprise
88 Application Hitachi Ucosminexus Application Server 07 10 Standard
89 Application Hitachi Ucosminexus Client 06 70 06 70 B
90 Application Hitachi Ucosminexus Client 06 71 06 71 B
91 Application Hitachi Ucosminexus Client 07 00 07 20
92 Application Hitachi Ucosminexus Developer 06 70 06 70 B Light
93 Application Hitachi Ucosminexus Developer 06 70 06 70 B Professional
94 Application Hitachi Ucosminexus Developer 06 70 06 70 B Standard
95 Application Hitachi Ucosminexus Developer 06 71 06 71 B Light
96 Application Hitachi Ucosminexus Developer 06 71 06 71 B Professional
97 Application Hitachi Ucosminexus Developer 06 71 06 71 B Standard
98 Application Hitachi Ucosminexus Operator 07 00 07 20
99 Application Hitachi Ucosminexus Service Architect 07 00 07 20
100 Application Hitachi Ucosminexus Service Platform 07 00 07 10
101 Application Hitachi Ucosminexus Service Platform 07 00 07 20
102 Application Hitachi Ucosminexus Service Platform 07 10

- Number Of Affected Versions By Product

Vendor Product Vulnerable Versions
Hitachi Cosminexus Application Server 38
Hitachi Cosminexus Client 4
Hitachi Cosminexus Developer 15
Hitachi Cosminexus Server 4
Hitachi Cosminexus Studio 5
Hitachi Ucosminexus Application Server 22
Hitachi Ucosminexus Client 3
Hitachi Ucosminexus Developer 6
Hitachi Ucosminexus Operator 1
Hitachi Ucosminexus Service Architect 1
Hitachi Ucosminexus Service Platform 3

- References For CVE-2007-3794

OSVDB 37851: http://osvdb.org/37851
SECUNIA 26025: http://secunia.com/advisories/26025
CONFIRM: http://www.hitachi-support.com/security_e/vuls_e/HS07-018_e/index-e.html
BID 24905 (Multiple Hitachi Products GIF Image Buffer Overflow Vulnerability, Release Date: 2007-07-16): http://www.securityfocus.com/bid/24905
VUPEN ADV-2007-2534: http://www.frsirt.com/english/advisories/2007/2534

- Vulnerability Conditions

Vulnerability is valid if product versions listed below are used TOGETHER WITH(AND)

- Metasploit Modules Related To CVE-2007-3794

There are no Metasploit modules related to this vulnerability (see www.metasploit.com for more information).

