Details of VAR-200512-0135

ID

VAR-200512-0135

CVE

CVE-2005-4323

TITLE

Hitachi Collaboration Schedule Unknown denial of service vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200512-378

DESCRIPTION

Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal 06-00 through 06-10-/B, Groupmax Collaboration Portal 07-00 through 07-10-/B, and Groupmax Collaboration Web Client 07-00 through 07-10-/A allow remote attackers to cause a denial of service of unspecified impact via repeated invalid requests to the Schedule component. This vulnerability may be triggered by multiple invalid requests sent to the schedule. No further details have been provided. These are due to a lack of proper sanitization of user-supplied input. An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. These may facilitate the theft of cookie-based authentication credentials as well as other attacks. ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS05-023_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 1.53

sources: NVD: CVE-2005-4323 // BID: 15500 // BID: 15498 // PACKETSTORM: 41644

AFFECTED PRODUCTS

vendor:	hitachi	model:	groupmax collaboration portal	scope:	eq	version:	07_00	Trust: 1.6
vendor:	hitachi	model:	cosminexus collaboration portal	scope:	eq	version:	06_00	Trust: 1.6
vendor:	hitachi	model:	groupmax collaboration web client	scope:	eq	version:	07_00	Trust: 1.6
vendor:	hitachi	model:	groupmax collaboration web client	scope:	lte	version:	07_10_a	Trust: 1.0
vendor:	hitachi	model:	cosminexus collaboration portal	scope:	lte	version:	06_10_b	Trust: 1.0
vendor:	hitachi	model:	groupmax collaboration portal	scope:	lte	version:	07_10_b	Trust: 1.0
vendor:	hitachi	model:	groupmax collaboration web ffs p-2746-e354 07-10-/a	scope:	eq	version:	07-00-	Trust: 0.6
vendor:	hitachi	model:	groupmax collaboration portal p-2646-6354 07-10-/b	scope:	eq	version:	07-00-	Trust: 0.6
vendor:	hitachi	model:	cosminexus collaboration portal p-2443-3d64 06-10-/b	scope:	eq	version:	06-00-	Trust: 0.6
vendor:	hitachi	model:	cosminexus collaboration portal ffs p-2443-3e64 06-10-/a	scope:	eq	version:	06-00-	Trust: 0.6
vendor:	hitachi	model:	groupmax collaboration web ffs p-2746-e354 07-10-/b	scope:	ne	version:	07-00-	Trust: 0.6
vendor:	hitachi	model:	groupmax collaboration portal p-2646-6354 07-10-/c	scope:	ne	version:	07-00-	Trust: 0.6
vendor:	hitachi	model:	cosminexus collaboration portal p-2443-3d64 06-10-/c	scope:	ne	version:	06-00-	Trust: 0.6
vendor:	hitachi	model:	cosminexus collaboration portal ffs p-2443-3e64 06-10-/b	scope:	ne	version:	06-00-	Trust: 0.6
vendor:	hitachi	model:	groupmax collaboration web client	scope:	eq	version:	07_10_a	Trust: 0.6
vendor:	hitachi	model:	groupmax collaboration portal	scope:	eq	version:	07_10_b	Trust: 0.6
vendor:	hitachi	model:	cosminexus collaboration portal	scope:	eq	version:	06_10_b	Trust: 0.6

sources: BID: 15500 // BID: 15498 // CNNVD: CNNVD-200512-378 // NVD: CVE-2005-4323

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-4323
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200512-378
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2005-4323
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0

sources: CNNVD: CNNVD-200512-378 // NVD: CVE-2005-4323

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-4323

THREAT TYPE

network

Trust: 0.6

sources: BID: 15500 // BID: 15498

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-200512-378

EXTERNAL IDS

db:	HITACHI	id:	HS05-023	Trust: 2.0
db:	BID	id:	15500	Trust: 1.9
db:	SECUNIA	id:	17634	Trust: 1.8
db:	SECTRACK	id:	1015242	Trust: 1.6
db:	SECTRACK	id:	1015241	Trust: 1.6
db:	NVD	id:	CVE-2005-4323	Trust: 1.6
db:	XF	id:	23193	Trust: 0.6
db:	CNNVD	id:	CNNVD-200512-378	Trust: 0.6
db:	BID	id:	15498	Trust: 0.3
db:	PACKETSTORM	id:	41644	Trust: 0.1

sources: BID: 15500 // BID: 15498 // PACKETSTORM: 41644 // CNNVD: CNNVD-200512-378 // NVD: CVE-2005-4323

REFERENCES

url:	http://www.hitachi-support.com/security_e/vuls_e/hs05-023_e/01-e.html	Trust: 2.0
url:	http://secunia.com/advisories/17634/	Trust: 1.7
url:	http://securitytracker.com/alerts/2005/nov/1015242.html	Trust: 1.6
url:	http://securitytracker.com/alerts/2005/nov/1015241.html	Trust: 1.6
url:	http://www.securityfocus.com/bid/15500/	Trust: 1.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/23193	Trust: 1.0
url:	http://www.hitachi.co.jp/prod/comp/soft1/global/prod/cosminexus/sol/epf/port_view.html	Trust: 0.6
url:	http://www.hitachi.co.jp/prod/comp/soft1/global/prod/groupmax/index.html	Trust: 0.6
url:	http://xforce.iss.net/xforce/xfdb/23193	Trust: 0.6
url:	http://secunia.com/secunia_security_advisories/	Trust: 0.1
url:	http://secunia.com/product/5795/	Trust: 0.1
url:	http://www.hitachi-support.com/security_e/vuls_e/hs05-023_e/index-e.html	Trust: 0.1
url:	http://secunia.com/product/6162/	Trust: 0.1
url:	http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org	Trust: 0.1
url:	http://secunia.com/product/6161/	Trust: 0.1
url:	http://secunia.com/about_secunia_advisories/	Trust: 0.1

sources: BID: 15500 // BID: 15498 // PACKETSTORM: 41644 // CNNVD: CNNVD-200512-378 // NVD: CVE-2005-4323

CREDITS

The vendor released this vulnerability.

Trust: 0.9

sources: BID: 15500 // CNNVD: CNNVD-200512-378

SOURCES

db:	BID	id:	15500
db:	BID	id:	15498
db:	PACKETSTORM	id:	41644
db:	CNNVD	id:	CNNVD-200512-378
db:	NVD	id:	CVE-2005-4323

LAST UPDATE DATE

2024-08-14T14:22:53.022000+00:00

SOURCES UPDATE DATE

db:	BID	id:	15500	date:	2005-11-18T00:00:00
db:	BID	id:	15498	date:	2005-11-18T00:00:00
db:	CNNVD	id:	CNNVD-200512-378	date:	2005-12-19T00:00:00
db:	NVD	id:	CVE-2005-4323	date:	2017-07-20T01:29:13.267

SOURCES RELEASE DATE

db:	BID	id:	15500	date:	2005-11-18T00:00:00
db:	BID	id:	15498	date:	2005-11-18T00:00:00
db:	PACKETSTORM	id:	41644	date:	2005-11-19T21:56:12
db:	CNNVD	id:	CNNVD-200512-378	date:	2005-12-17T00:00:00
db:	NVD	id:	CVE-2005-4323	date:	2005-12-17T11:03:00