Hitachi Cosminexus Portal Framework information disclosure
| cosminexus-info-disclosure (17278) |  Medium Risk |
Description:
Cosminexus Portal Framework could allow a remote authenticated attacker to gain sensitive information, caused by a vulnerability within the <ut:cache> tag library. This vulnerability could cause cached information to be replaced with other user's sensitive information.
Consequences:
Obtain Information
Remedy:
Upgrade to the latest fixed version of Cosminexus Portal Framework, as listed in Hitachi Vulnerability Information HS04-006-01. See References.
References:
- Cosminexus Portal Framework Web page: Cosminexus: Cosminexus Portal Framework.
- Hitachi Vulnerability Information HS04-006-01: Solution for Cosminexus Portal Framework.
- Software Vulnerability Information HS04-006: Cached content replacement problem in Cosminexus Portal Framework.
- BID-11128: Cosminexus Portal Framework Information Disclosure Vulnerability
- CVE-2004-2452: Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag library.
- OSVDB ID: 9739: Cosminexus Portal Framework Cached Content Modification
- SA12463: Cosminexus Portal Framework Unspecified Cached Content Replacement
- SECTRACK ID: 1011171: Cosminexus Portal Framework May Disclose Cached Content to the Wrong User
Platforms Affected:
- Hitachi Cosminexus Portal Framework
Reported:
Sep 07, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net