[1/5] Hitachi Cosminexus Application Server Incorrect Handling of Group Permissions

August 24th, 2007 by

[1/5] Hitachi Cosminexus Application Server Incorrect Handling of Group Permissions

:A weakness has been reported in Cosminexus Application Server, which can potentially allow a server process to perform actions with escalated privileges.The problem is that the group permissions of another user can be granted to the server process when a logical J2EE server or a logical user server is started from Cosminexus Manager.Solution:Update to the latest versions (please see vendor advisory for details).Provided and/or discovered by:Reported by the vendor.Original Advisory:http://www.hitachi-support.com/security_e/vuls_e/HS07-025_e/index-e.html

Original post by pooja

[1/5] Hitachi Cosminexus Application Server Incorrect Handling of Group Permissions

Related Articles:

[2/5] Hitachi Cosminexus Agent Unspecified Denial of Service Vulnerability

[3/5] Hitachi Cosminexus JSSE SSL/TLS Handshake Denial of Service

[4/5] Hitachi Cosminexus Products DoS and Buffer Overflow Vulnerabilities

[2/5] Hitachi Products Cosminexus Component Container Improper Session Data Handling

[2/5] Hitachi Cosminexus Products JavaDoc Cross-Site Scripting

Posted in Advisories - Exploits | | [1/5] Hitachi Cosminexus Application Server Incorrect Handling of Group Permissions

<< [3/5] Gentoo update for qt | [3/5] Ipswitch WS_FTP Server Script Insertion Vulnerability >>

Cybertrion Systems

[1/5] Hitachi Cosminexus Application Server Incorrect Handling of Group Permissions

Categories

Archives:

Search:

Meta: