CVE-2007-5810

CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.0MEDIUM

EPSS

0.2%

top 54.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Hitachi Cosminexus Application Server Enterprise Hitachi Cosminexus Application Server Standard Hitachi Cosminexus Developer Light Version 6 +11 more

Timeline

PublishedNov 5

Latest updateMay 1

Description

Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might allow remote attackers to spoof authentication via a client certificate with a forged signature.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages12 packages

▶NVDhitachi/cosminexus_server04_01

▶NVDhitachi/cosminexus_application06_51_j

▶NVDhitachi/ucosminexus_application07_50_01

▶NVDhitachi/ucosminexus_developer_light06_71_d

▶NVDhitachi/ucosminexus_service_platform07_50_01

Patches

Patch: secunia.com ↗Patch: www.hitachi-support.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-cfg9-hj54-h2q5: Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might all↗2022-05-01

▶

CVEList

CVE-2007-5810: Hitachi Web Server 01-00 through 03-00-01, as used by certain Cosminexus products, does not properly validate SSL client certificates, which might all↗2007-11-05

▶

📋Vendor Advisories

Cisco

OpenSSL RSA Signature Forgery Vulnerability↗2006-09-05

▶