{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Hitachi uCosminexus Application Server Standard ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi Cosminexus Enterprise Edition ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi uCosminexus Service Architect ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi Cosminexus Server Web Edition 0 et 4 ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi Cosminexus Standard Edition 0 et 4 ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi Cosminexus Developer 5 ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi Cosminexus Application Server Enterprise 6 ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi uCosminexus Service Platform ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi Cosminexus Developer Professional 6 ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi Web Server Custom Edition ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi uCosminexus Application Server Enterprise ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi uCosminexus Developer Standard ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi Cosminexus Developer Standard 6 ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi uCosminexus Application Server Smart Edition ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi Cosminexus Application Server Standard 6 ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi uCosminexus Developer Light ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi Web Server for VOS3 ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi Web Server Security Enhancement ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi Cosminexus Application Server 5.","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi Web Server ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}},{"description":"Hitachi uCosminexus Developer Professional ;","product":{"name":"Web","vendor":{"name":"Centreon","scada":false}}}],"affected_systems_content":"","content":"## Description\n\nTrois vuln\u00e9rabilit\u00e9s sont pr\u00e9sentes sur Hitachi Web Server. La premi\u00e8re\nconcerne une vuln\u00e9rabilit\u00e9 dans OpenSSL permettant de forcer le serveur\n\u00e0 utiliser SSL 2.0 au lieu de SSL 3.0. Les deux autres vuln\u00e9rabilit\u00e9s\nsont de type cross-site scripting. Pour plus d'informations, vous pouvez\nconsulter les avis CERTA-2005-AVI-400 et CERTA-2005-AVI-490.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2005-2969","url":"https://www.cve.org/CVERecord?id=CVE-2005-2969"},{"name":"CVE-2005-3352","url":"https://www.cve.org/CVERecord?id=CVE-2005-3352"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Hitachi du 24 janvier 2007 :","url":"http://www.hitachi-support.com/security_e/vuls_e/HS06-022_e/01-e.html"},{"title":"Avis du CERTA du 15 d\u00e9cembre 2005 :","url":"http://www.certa.ssi.gouv.fr/site/CERTA-2005-AVI-490/CERTA-2005-AVI-490.html"},{"title":"Avis du CERTA du 12 octobre 2005 :","url":"http://www.certa.ssi.gouv.fr/site/CERTA-2005-AVI-400/CERTA-2005-AVI-400.html"}],"reference":"CERTA-2007-AVI-057","revisions":[{"description":"version initiale.","revision_date":"2007-01-26T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"Trois vuln\u00e9rabilit\u00e9s sur <span class=\"textit\">Hitachi Web Server</span>\npermettraient \u00e0 une personne malintionn\u00e9e d'ex\u00e9cuter une attaque de type\n<span class=\"textit\">cross-site scripting</span> et/ou un contournement\nde la politique de s\u00e9curit\u00e9.\n","title":"Vuln\u00e9rabilit\u00e9s sur Hitachi Web Server","vendor_advisories":[{"published_at":"2007-01-24","title":"Bulletin de s\u00e9curit\u00e9 Hitachi HS06-022","url":"None"}]}