HITSENSER3 Input Validation Flaws Let Remote Users Inject SQL Commands to Bypass Authentication
|
|
SecurityTracker Alert ID: 1016190
|
|
SecurityTracker URL: http://securitytracker.com/id?1016190
|
|
CVE Reference: CVE-2006-2761
(Links to External Site)
|
Updated: Jun 2 2009
|
Original Entry Date: May 31 2006
|
Impact: Disclosure of system information, Disclosure of user information, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Description: A vulnerability was reported in HITSENSER3. A remote user can inject SQL commands.
The software does not properly validate user-supplied input. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database. This can be exploited to bypass authentication.
|
Impact: A remote user can execute SQL commands on the underlying database.
|
Solution: The vendor has issued a fix.
A patch matrix is available at:
http://www.hitachi-support.com/security_e/vuls_e/HS06-011_e/01-e.html
The
Hitachi advisory is available at:
http://www.hitachi-support.com/security_e/vuls_e/HS06-011_e/index-e.html
|
Vendor URL: www.hitachi-support.com/security_e/vuls_e/HS06-011_e/index-e.html (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 31 May 2006 08:41:14 -0400
Subject: SQL Injection Vulnerability in HITSENSER3
|
http://www.hitachi-support.com/security_e/vuls_e/HS06-011_e/index-e.html
|
|
