Vulnerability Details : CVE-2007-5809
Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 through 03-10, as used by certain Cosminexus products, allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP requests that trigger creation of a server-status page.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2007-5809
Probability of exploitation activity in the next 30 days: 0.27%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 %
CVSS scores for CVE-2007-5809
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2007-5809
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-5809
Products affected by CVE-2007-5809
- cpe:2.3:a:hitachi:cosminexus_server:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer_light_version_6:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer_professional_version_6:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer_standard_version_6:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:ucosminexus_application_server_enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:ucosminexus_application_server_standard:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:ucosminexus_developer_light:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:ucosminexus_developer_standard:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:ucosminexus_service_architect:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:ucosminexus_service_platform:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_application_server_enterprise:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_application_server_standard:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:ucosminexus_developer_professional:*:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:01_01:*:aix:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:01_01:*:linux:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_00:*:hpux:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_00:*:linux:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_02:*:linux:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_04_b:*:aix:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_04_b:*:hpux:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:03_00:*:linux:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:03_00:*:windows:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:01_02_d:*:hpux:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:01_02_d:*:solaris:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_00:*:windows:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_00_a:*:linux:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_04_b:*:windows:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_06_a:*:linux:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:01_01:*:turbolinux:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:01_01_d:*:linux:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_00:*:solaris:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_00:*:turbolinux:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_04_b:*:hpux\(ipf\):*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_04_b:*:solaris:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:03_00_01:*:solaris:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:03_00_01:*:windows:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:01_00:*:hpux:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:01_00:*:solaris:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:01_02_e:*:aix:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_00:*:aix:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_02:*:hpux:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:02_02:*:hpux\(ipf\):*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:03_00:*:aix:*:*:*:*:*
- cpe:2.3:a:hitachi:web_server:03_00:*:hpux\(ipf\):*:*:*:*:*