Multiple Hitachi JP1 request handling denial of service
| hitachi-jp1-request-dos (26087) |  Low Risk |
Description:
Multiple Hitachi JP1 products are vulnerable to a denial of service attack, caused by improper handling of invalid or malformed requests. A remote attacker could exploit this vulnerability to cause an affected product to stop responding to legitimate user requests.
Platforms Affected:
- Hitachi, Cm2/Network Node Manager 250
- Hitachi, Cm2/Network Node Manager Enterprise
- Hitachi, Cm2/Network Node Manager Unlimited
- Hitachi, JP1/Automatic Job Management System 2 Agent
- Hitachi, JP1/Automatic Job Management System 2 Light Edition
- Hitachi, JP1/Automatic Job Management System 2 Manager
- Hitachi, JP1/Cm2/Network Node Manager 250
- Hitachi, JP1/Cm2/Network Node Manager Enterprise
- Hitachi, JP1/Cm2/Network Node Manager Standard
- Hitachi, JP1/File Access Control
- Hitachi, JP1/Performance Management Agent
- Hitachi, JP1/Performance Management Manager
- Hitachi, JP1/Performance Management View
- Hitachi, JP1/PFM/SNMP System Observer Report Feature
- Hitachi, JP1/Security Integrated Manager
- Hitachi, JP1/Security Integrated Manager Runtime Library
- Hitachi, JP1/Server Conductor/Blade Server Manager
- Hitachi, JP1/Server Conductor/Server Manager
- Hitachi, JP1/Server System Observer Report Feature
- Hitachi, Server Conductor/Blade Server Manager
- Hitachi, Server Conductor/Server Manager
Remedy:
Refer to Hitachi Software Vulnerability Information document HS06-007 for product-specific patch or upgrade information. See References.
Consequences:
Denial of Service
References:
- Hitachi Software Vulnerability Information HS06-007, Vulnerability of DoS in JP1 Products at http://www.hitachi-support.com/security_e/vuls_e/HS06-007_e/index-e.html.
- BID-17706: Multiple Hitachi JP1 Products Denial of Service Vulnerability
- CVE-2006-2068: Unspecified vulnerability in Hitachi JP1 products allow remote attackers to cause a denial of service (application stop or fail) via unexpected requests or data.
- SA19841: Hitachi Multiple JP1 Products Denial of Service
- VUPEN/ADV-2006-1524: Hitachi Multiple JP1 Products Request Handling Denial of Service Vulnerability
Reported:
Apr 26, 2006
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net