Authentication Spoofing Vulnerability in Hitachi Web Server
CVE-2007-5810

Currently unrated

Key Information:

Vendor: Hitachi
Status: Web Server; Ucosminexus Application Server Standard; Ucosminexus Developer Standard; Cosminexus Application Server Enterprise
Vendor: CVE Published:; 5 November 2007

Summary

A vulnerability in Hitachi Web Server versions 01-00 through 03-00-01, utilized by certain Cosminexus products, fails to adequately validate SSL client certificates. This oversight can enable remote attackers to impersonate legitimate users by presenting a client certificate with a forged signature, potentially leading to unauthorized access and security breaches.

References

http://osvdb.org/42026

vdb-entryx_refsource_OSVDB

http://www.hitachi-support.com/security_e/vuls_e/HS07-034...

x_refsource_CONFIRM

http://secunia.com/advisories/27421

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Nov 5, 2007
Vulnerability Reserved
Nov 5, 2007