| Title | Cosminexus HTTP Server および Hitachi Web Server における脆弱性 |
|---|---|
| Summary | Cosminexus HTTP Server および Hitachi Web Server には、脆弱性 (CVE-2016-8743) が存在します。 |
| Possible impacts | 不特定の影響を受ける可能性があります。 |
| Solution | ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。 |
| Publication Date | Oct. 18, 2016, midnight |
| Registration Date | June 26, 2017, 5:07 p.m. |
| Last Update | July 25, 2019, 2:10 p.m. |
| CVSS3.0 : 警告 | |
| Score | 4 |
|---|---|
| Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N |
| CVSS2.0 : 警告 | |
| Score | 4.3 |
|---|---|
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| Apache Software Foundation |
| Apache HTTP Server 2.2.32 未満 |
| Apache HTTP Server 2.4.25 未満 |
| 日本電気 |
| CSVIEW FAQナビ 全バージョン |
| CSVIEW Webアンケート 全バージョン |
| iStorage HSシリーズ V4.0 から V5.2 |
| iStorage Tシリーズ T100A |
| iStorage Tシリーズ T700A |
| MailShooter 全バージョン |
| SimpWright V6 |
| SimpWright V7 |
| SpoolServerシリーズ ReportFiling Ver5.2 から 6.2 |
| WebOTX Application Server Enterprise V9.3 から V9.4 |
| WebOTX Application Server Express V9.3 から V9.4 |
| WebOTX Application Server Standard V9.3 から V9.4 |
| 日立 |
| Cosminexus HTTP Server |
| Hitachi Application Server |
| Hitachi Application Server for Developers |
| Hitachi IT Operations Director |
| Hitachi Web Server |
| Hitachi Web Server - Custom Edition |
| Hitachi Web Server - Security Enhancement |
| Job Management Partner 1/Integrated Management - Service Support |
| Job Management Partner 1/Integrated Management - Service Support Advanced Edition |
| Job Management Partner 1/IT Desktop Management 2 - Manager |
| Job Management Partner 1/IT Desktop Management 2 - Smart Device Manager |
| Job Management Partner 1/IT Desktop Management - Manager |
| Job Management Partner 1/Performance Management - Web Console |
| JP1/Automatic Job Management System 3 - Manager [Web Console] |
| JP1/Automatic Operation |
| JP1/Integrated Management - Service Support |
| JP1/Integrated Management - Service Support Advanced Edition |
| JP1/Integrated Management - Service Support Starter Edition |
| JP1/IT Desktop Management 2 - Manager |
| JP1/IT Desktop Management 2 - Operations Director |
| JP1/IT Desktop Management 2 - Smart Device Manager |
| JP1/IT Desktop Management - Manager |
| JP1/Operations Analytics |
| JP1/Performance Management - Manager |
| JP1/Performance Management - Manager [Web Console] |
| JP1/Performance Management - Web Console |
| JP1/Service Support |
| JP1/Service Support Starter Edition |
| uCosminexus Application Server |
| uCosminexus Application Server (64) |
| uCosminexus Application Server -R |
| uCosminexus Application Server Express |
| uCosminexus Application Server Standard-R |
| uCosminexus Application Server Enterprise |
| uCosminexus Application Server Smart Edition |
| uCosminexus Application Server Standard |
| uCosminexus Developer |
| uCosminexus Developer 01 |
| uCosminexus Developer Professional |
| uCosminexus Developer Professional for Plug-in |
| uCosminexus Developer Light |
| uCosminexus Developer Standard |
| uCosminexus Primary Server Base |
| uCosminexus Primary Server Base(64) |
| uCosminexus Service Architect |
| uCosminexus Service Platform |
| uCosminexus Service Platform (64) |
| uCosminexus Service Platform - Messaging |
| No | Changed Details | Date of change |
|---|---|---|
| 1 | [2018年11月07日] 影響を受けるシステム:ベンダ情報の追加に伴い内容を更新 ベンダ情報:日本電気 (NV17-004) を追加 参考情報:JVN (JVNVU#99304449) を追加 |
Nov. 7, 2018, 11:31 a.m. |
| 2 | [2019年07月25日] 参考情報:National Vulnerability Database (NVD) (CVE-2016-8743) を追加 参考情報:National Vulnerability Database (NVD) (CVE-2016-4975) を追加 |
July 25, 2019, 2:08 p.m. |
| 0 | [2017年06月26日] 掲載 [2017年08月31日] CVSS による深刻度:内容を更新 影響を受けるシステム:ベンダ情報の追加に伴い内容を更新 ベンダ情報:Apache Software Foundation (Fixed in Apache httpd 2.4.25) を追加 ベンダ情報:ヒューレット・パッカード・エンタープライズ (HPESBUX03725) を追加 CWE による脆弱性タイプ一覧:CWE-ID を追加 [2018年02月01日] 影響を受けるシステム:ベンダ情報の追加に伴い内容を更新 ベンダ情報:日立 (hitachi-sec-2018-103) を追加 |
July 5, 2019, 3:50 p.m. |
| 3 | [2023年06月29日] 影響を受けるシステム:ベンダ情報 日本電気 (NV17-004) の更新に伴い内容を更新 |
June 29, 2023, 9:56 a.m. |
| Summary | Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31). |
|---|---|
| Publication Date | Aug. 14, 2018, 9:29 p.m. |
| Registration Date | Jan. 26, 2021, 2:13 p.m. |
| Last Update | Nov. 21, 2024, 11:53 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:apache:http_server:2.2.23:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.31:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.21:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.24:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.25:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.22:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.19:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.27:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.18:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.29:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.20:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:apache:http_server:2.2.26:*:*:*:*:*:*:* | |||||
| Summary | Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution. |
|---|---|
| Publication Date | July 28, 2017, 6:29 a.m. |
| Registration Date | Jan. 26, 2021, 2:19 p.m. |
| Last Update | Nov. 21, 2024, 11:59 a.m. |
| Configuration1 | or higher | or less | more than | less than | |
| cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* | 2.4.1 | 2.4.23 | |||
| cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* | 2.2.0 | 2.2.31 | |||
| Configuration2 | or higher | or less | more than | less than | |
| cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:* | |||||
| cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:* | |||||
| Configuration3 | or higher | or less | more than | less than | |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* | |||||
| Configuration4 | or higher | or less | more than | less than | |
| cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* | |||||
| cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:* | |||||
| Configuration5 | or higher | or less | more than | less than | |
| cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:* | |||||
| execution environment | |||||
| 1 | cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:* | ||||
| 2 | cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:* | ||||