Date: 28 July 2009
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2009.1032
Hitachi Business Logic - Container: Cross-site scripting -
Remote/unauthenticated
28 July 2009
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Hitachi Business Logic - Container
Hitachi Business Logic - Container 2
Operating System: Linux variants
Windows
AIX
Impact/Access: Cross-site Scripting -- Remote/Unauthenticated
Resolution: Upgrade
Member content until: Thursday, August 27 2009
OVERVIEW
A vulnerability has been identified in Hitachi Business Logic -
Container and Hitachi Business Logic - Container 2, component products
of Electronic Form Workflow.
IMPACT
This vulnerability could be exploited remotely to allow cross-site
scripting. [1]
MITIGATION
The vendor recommends updating to the latest version, details of
which can be found on the vendor's website. [1]
REFERENCES
[1] Cross-site Scripting Vulnerability in Hitachi Business Logic - Container and Hitachi Business Logic - Container 2: Software Vulnerability Information: Software: Hitachi
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS09-011/index.html
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iD8DBQFKbntXNVH5XJJInbgRArx3AJ4tKrDjuxCE3pCGN0Zg2chcpf8/2ACgiIAt
YZ49TdvK0V2lUnDO4vH1dTg=
=CU0z
-----END PGP SIGNATURE-----
|