Cosminexus Portal Framework May Disclose Cached Content to the Wrong User
|
|
SecurityTracker Alert ID: 1011171
|
|
SecurityTracker URL: http://securitytracker.com/id?1011171
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Sep 7 2004
|
Impact: Disclosure of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 02-03 and prior versions
|
Description: A vulnerability was reported in the Cosminexus Portal Framework. A remote user may be able to gain access to cached information belonging to a different user.
Hitachi reported that if the <ut:cache> tag library is used, the system may replace cached content with other content. As a result,
a remote user may be able to obtain cached information belonging to a different user.
Windows, HP-UX, AIX, and Solaris platforms
are affected.
|
Impact: A remote user may be able to access cached content belonging to a different user.
|
Solution: A patch matrix (HS04-006-01) is available at:
http://www.hitachi-support.com/security_e/vuls_e/HS04-006_e/01-e.html
|
Vendor URL: www.hitachi-support.com/security_e/vuls_e/HS04-006_e/index-e.html (Links to External Site)
|
Cause: Access control error, State error
|
Underlying OS: UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Tue, 7 Sep 2004 13:24:05 -0400
Subject: http://www.hitachi-support.com/security_e/vuls_e/HS04-006_e/index-e.html
|
> HS04-006
>
> Update: September 7, 2004
>
> Cached content replacement problem in Cosminexus Portal Framework
Hitachi reported a vulnerability in the Cosminexus Portal Framework.
If the <ut:cache> tag library is used, the system may replace cached content with
other content. As a result, a remote user may be able to obtain cached information
belonging to a different user.
Windows, HP-UX, AIX, and Solaris platforms are affected.
A patch matrix (HS04-006-01) is available at:
http://www.hitachi-support.com/security_e/vuls_e/HS04-006_e/01-e.html
|
|
