ID

VAR-201004-0011


CVE

CVE-2009-4777


TITLE

GIF File Processing Denial of Service Vulnerability in Multiple JP1 Products

Trust: 0.8

sources: JVNDB: JVNDB-2009-001968

DESCRIPTION

Unspecified vulnerability in multiple versions of Hitachi JP1/Automatic Job Management System 2 - View, JP1/Integrated Management - View, and JP1/Cm2/SNMP System Observer, allows remote attackers to cause a denial of service ("abnormal" termination) via vectors related to the display of an "invalid GIF file.". Hitachi JP1 / Cm2 / Hierarchical is a middleware platform software. Hitachi JP1 / Automatic Job Management System 2-View, JP1 / Integrated Management-View, and multiple versions of JP1 / Cm2 / SNMP System Observer have unknown vulnerabilities. Remote attackers can trigger rejection by displaying "Invalid GIF file". Service (& ldquo; Exception & rdquo; Termination). Multiple Hitachi products are prone to a denial-of-service vulnerability caused by an unspecified error. Attackers can exploit this issue to terminate the affected applications, causing a denial-of-service condition. Affected products include the following: JP1/Automatic Job Management System 2 - View JP1/Integrated Management - View JP1/Cm2/SNMP System Observer For the full list of affected products, please see the referenced vendor advisory. ---------------------------------------------------------------------- Do you have VARM strategy implemented? (Vulnerability Assessment Remediation Management) If not, then implement it through the most reliable vulnerability intelligence source on the market. Implement it through Secunia. SOLUTION: Update to a fixed version. Please see the vendor's advisory for details. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-016/index.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.52

sources: NVD: CVE-2009-4777 // JVNDB: JVNDB-2009-001968 // CNVD: CNVD-2010-4810 // BID: 36311 // PACKETSTORM: 81079

IOT TAXONOMY

category:['ICS']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-4810

AFFECTED PRODUCTS

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:06-51

Trust: 1.6

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:07-10-\/h

Trust: 1.6

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:08-10

Trust: 1.6

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:07-10

Trust: 1.6

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:08-50-08

Trust: 1.6

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:08-10-11

Trust: 1.6

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:08-50

Trust: 1.6

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:06-71

Trust: 1.6

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:06-71-\/q

Trust: 1.6

vendor:hitachimodel:jp1\/server system observerscope:eqversion:06-51

Trust: 1.0

vendor:hitachimodel:job management partner 1\/integrated management-viewscope:eqversion:08-01

Trust: 1.0

vendor:hitachimodel:jp1\/server system observerscope:eqversion:06-71-\/h

Trust: 1.0

vendor:hitachimodel:job management partner 1\/snmp system observerscope:eqversion:06-71

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:06-71-\/m

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:06-51

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:08-00

Trust: 1.0

vendor:hitachimodel:jp1\/server system observerscope:eqversion:06-51-\/f

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:07-00

Trust: 1.0

vendor:hitachimodel:jp1\/integrated manager-viewscope:eqversion:07-00

Trust: 1.0

vendor:hitachimodel:jp1\/integrated manager-viewscope:eqversion:07-51

Trust: 1.0

vendor:hitachimodel:jp1 integrated management service supportscope:eqversion:08-11-01

Trust: 1.0

vendor:hitachimodel:jp1\/cm2\/snmp system observerscope:eqversion:08-00

Trust: 1.0

vendor:hitachimodel:jp1\/server system observerscope:eqversion:06-71-03

Trust: 1.0

vendor:hitachimodel:jp1\/performance management\/snmp system observerscope:eqversion:07-50-09

Trust: 1.0

vendor:hitachimodel:jp1\/cm2\/snmp system observerscope:eqversion:08-00-09

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:07-00

Trust: 1.0

vendor:hitachimodel:jp1 integrated management service supportscope:eqversion:08-50-01

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:06-00

Trust: 1.0

vendor:hitachimodel:jp1\/performance management\/snmp system observerscope:eqversion:07-50

Trust: 1.0

vendor:hitachimodel:job management partner 1\/snmp system observerscope:eqversion:06-51

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:07-11-15

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:06-71-m1

Trust: 1.0

vendor:hitachimodel:jp1\/performance management\/snmp system observerscope:eqversion:07-00-\/e

Trust: 1.0

vendor:hitachimodel:jp1\/server system observerscope:eqversion:06-71

Trust: 1.0

vendor:hitachimodel:jp1 integrated management service supportscope:eqversion:08-10-02

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:06-51-\/n

Trust: 1.0

vendor:hitachimodel:jp1 integrated management service supportscope:eqversion:08-11

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:06-00

Trust: 1.0

vendor:hitachimodel:jp1 integrated management service supportscope:eqversion:08-10-01

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:08-01-05

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:08-00-04

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:06-71

Trust: 1.0

vendor:hitachimodel:jp1 integrated management service supportscope:eqversion:08-11-02

Trust: 1.0

vendor:hitachimodel:job management partner 1\/integrated manager-console viewscope:eqversion:06-71

Trust: 1.0

vendor:hitachimodel:jp1\/performance management\/snmp system observerscope:eqversion:07-10

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:08-00-13

Trust: 1.0

vendor:hitachimodel:jp1\/integrated manager-console viewscope:eqversion:06-00

Trust: 1.0

vendor:hitachimodel:job management partner 1\/integrated manager-viewscope:eqversion:07-00

Trust: 1.0

vendor:hitachimodel:jp1\/integrated manager-console viewscope:eqversion:06-71

Trust: 1.0

vendor:hitachimodel:jp1 integrated management service supportscope:eqversion:08-50

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:07-00-g1

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:07-50-17

Trust: 1.0

vendor:hitachimodel:jp1 integrated management service supportscope:eqversion:08-10-03

Trust: 1.0

vendor:hitachimodel:jp1 integrated management service supportscope:eqversion:08-11-03

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:08-00-13

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:06-00-\/k

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:06-51-n1

Trust: 1.0

vendor:hitachimodel:jp1\/integrated management-viewscope:eqversion:08-00

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:07-50-17

Trust: 1.0

vendor:hitachimodel:jp1 integrated management service supportscope:eqversion:08-50-03

Trust: 1.0

vendor:hitachimodel:jp1 integrated management service supportscope:eqversion:08-10

Trust: 1.0

vendor:hitachimodel:jp1\/performance management\/snmp system observerscope:eqversion:07-00

Trust: 1.0

vendor:hitachimodel:jp1 integrated management service supportscope:eqversion:08-10-05

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:07-50

Trust: 1.0

vendor:hitachimodel:job management partner 1\/snmp system observerscope:eqversion:06-51-\/a

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:07-11

Trust: 1.0

vendor:hitachimodel:jp1\/integrated management-viewscope:eqversion:08-50-06

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:07-10-10

Trust: 1.0

vendor:hitachimodel:jp1 integrated management service supportscope:eqversion:08-50-02

Trust: 1.0

vendor:hitachimodel:job management partner 1\/performance management\/snmp system observerscope:eqversion:07-00

Trust: 1.0

vendor:hitachimodel:jp1\/performance management\/snmp system observerscope:eqversion:07-10-\/b

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:07-50

Trust: 1.0

vendor:hitachimodel:jp1 integrated management service supportscope:eqversion:08-10-04

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:08-01

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:06-51-\/p

Trust: 1.0

vendor:hitachimodel:job management partner 1\/integrated manager-console viewscope:eqversion:06-00

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:06-51-\/p1

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:07-00-\/g

Trust: 1.0

vendor:hitachimodel:job management partner 1\/automatic job management system 2-viewscope:eqversion:06-00-\/a

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:07-10-11

Trust: 1.0

vendor:hitachimodel:jp1\/automatic job management system 2-viewscope:eqversion:08-00

Trust: 1.0

vendor:hitachimodel:job management partner 1/automatic job management system 2scope:eqversion:- view

Trust: 0.8

vendor:hitachimodel:job management partner 1/integrated managementscope:eqversion:- view

Trust: 0.8

vendor:hitachimodel:job management partner 1/integrated managerscope:eqversion:- console view

Trust: 0.8

vendor:hitachimodel:job management partner 1/integrated managerscope:eqversion:- view

Trust: 0.8

vendor:hitachimodel:job management partner 1/performance management/snmp system observerscope: - version: -

Trust: 0.8

vendor:hitachimodel:job management partner 1/snmp system observerscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/automatic job management system 2scope:eqversion:- view

Trust: 0.8

vendor:hitachimodel:jp1/cm2/snmp system observerscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/integrated managementscope:eqversion:- view

Trust: 0.8

vendor:hitachimodel:jp1/integrated managerscope:eqversion:- console view

Trust: 0.8

vendor:hitachimodel:jp1/integrated managerscope:eqversion:- view

Trust: 0.8

vendor:hitachimodel:jp1/performance management/snmp system observerscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/server system observerscope: - version: -

Trust: 0.8

vendor:hitachimodel:jp1/automatic job management system agentscope:eqversion:2-

Trust: 0.6

vendor:hitachimodel:jp1/integrated managementscope:eqversion:0

Trust: 0.3

vendor:hitachimodel:jp1/cm2/snmp system observerscope:eqversion:09-00

Trust: 0.3

vendor:hitachimodel:jp1/cm2/snmp system observerscope:eqversion:0

Trust: 0.3

vendor:hitachimodel:jp1/automatic job management systemscope:eqversion:20

Trust: 0.3

vendor:hitachimodel:product name: jp1/integrated management viewscope:neversion:-09-00

Trust: 0.3

vendor:hitachimodel:jp1/cm2/snmp system observerscope:neversion:09-00

Trust: 0.3

vendor:hitachimodel:jp1/cm2/snmp system observer )scope:neversion:09-00

Trust: 0.3

vendor:hitachimodel:jp1/automatic job management system viewscope:neversion:3-09-00

Trust: 0.3

sources: CNVD: CNVD-2010-4810 // BID: 36311 // JVNDB: JVNDB-2009-001968 // CNNVD: CNNVD-201004-349 // NVD: CVE-2009-4777

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-4777
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2009-001968
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2010-4810
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201004-349
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2009-4777
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2009-001968
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2010-4810
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:M/AU:N/C:C/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 7.8
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

sources: CNVD: CNVD-2010-4810 // JVNDB: JVNDB-2009-001968 // CNNVD: CNNVD-201004-349 // NVD: CVE-2009-4777

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2009-4777

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201004-349

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201004-349

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-001968

PATCH

title:HS09-016url:http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-016/index.html

Trust: 0.8

title:Patch for Hitachi Multiple Products Invalid GIF File Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/37678

Trust: 0.6

sources: CNVD: CNVD-2010-4810 // JVNDB: JVNDB-2009-001968

EXTERNAL IDS

db:NVDid:CVE-2009-4777

Trust: 3.3

db:BIDid:36311

Trust: 3.3

db:SECUNIAid:36646

Trust: 2.6

db:OSVDBid:57832

Trust: 2.4

db:VUPENid:ADV-2009-2576

Trust: 2.4

db:HITACHIid:HS09-016

Trust: 2.0

db:XFid:53115

Trust: 1.4

db:JVNDBid:JVNDB-2009-001968

Trust: 0.8

db:CNVDid:CNVD-2010-4810

Trust: 0.6

db:CNNVDid:CNNVD-201004-349

Trust: 0.6

db:PACKETSTORMid:81079

Trust: 0.1

sources: CNVD: CNVD-2010-4810 // BID: 36311 // JVNDB: JVNDB-2009-001968 // PACKETSTORM: 81079 // CNNVD: CNNVD-201004-349 // NVD: CVE-2009-4777

REFERENCES

url:http://www.securityfocus.com/bid/36311

Trust: 3.0

url:http://osvdb.org/57832

Trust: 2.4

url:http://secunia.com/advisories/36646

Trust: 2.4

url:http://www.vupen.com/english/advisories/2009/2576

Trust: 2.4

url:http://www.hitachi.co.jp/prod/comp/soft1/global/security/info/vuls/hs09-016/index.html

Trust: 2.0

url:http://xforce.iss.net/xforce/xfdb/53115

Trust: 1.4

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/53115

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4777

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4777

Trust: 0.8

url:http://www.hitachi.com/index.html

Trust: 0.3

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/36646/

Trust: 0.1

url:http://secunia.com/advisories/business_solutions/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: CNVD: CNVD-2010-4810 // BID: 36311 // JVNDB: JVNDB-2009-001968 // PACKETSTORM: 81079 // CNNVD: CNNVD-201004-349 // NVD: CVE-2009-4777

CREDITS

Hitachi

Trust: 0.9

sources: BID: 36311 // CNNVD: CNNVD-201004-349

SOURCES

db:CNVDid:CNVD-2010-4810
db:BIDid:36311
db:JVNDBid:JVNDB-2009-001968
db:PACKETSTORMid:81079
db:CNNVDid:CNNVD-201004-349
db:NVDid:CVE-2009-4777

LAST UPDATE DATE

2024-08-14T14:58:34.835000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2010-4810date:2010-04-21T00:00:00
db:BIDid:36311date:2015-04-13T21:06:00
db:JVNDBid:JVNDB-2009-001968date:2009-09-14T00:00:00
db:CNNVDid:CNNVD-201004-349date:2010-04-21T00:00:00
db:NVDid:CVE-2009-4777date:2017-08-17T01:31:45.303

SOURCES RELEASE DATE

db:CNVDid:CNVD-2010-4810date:2010-04-21T00:00:00
db:BIDid:36311date:2009-09-09T00:00:00
db:JVNDBid:JVNDB-2009-001968date:2009-09-14T00:00:00
db:PACKETSTORMid:81079date:2009-09-09T16:35:33
db:CNNVDid:CNNVD-201004-349date:2010-04-21T00:00:00
db:NVDid:CVE-2009-4777date:2010-04-21T14:30:00.583