Vulnerability description
A buffer overflow vulnerability was found in Cosminexus Developer's Kit for Java(TM), which is a component product of the products listed blow.
This vulnerability arises when the Java application uses image-processing APIs.
- uCosminexus Application Server Enterprise
- uCosminexus Application Server Standard
- uCosminexus Service Platform
- uCosminexus Service Architect
- uCosminexus Developer Professional
- uCosmienxus Developer Standard
- uCosminexus Operator
- uCosminexus Client
- Electronic Form Workflow - Set(*1)
- Electronic Form Workflow - Professional Set(*2)
- Electronic Form Workflow - Developer Set(*3)
- Electronic Form Workflow - Standard Set(*1)
- Electronic Form Workflow - Professional Library Set(*1)
- Electronic Form Workflow - Developer Client Set(*3)
Malicious remote user can execute arbitrary code on a client.
Affected products and versions are listed below. Please upgrade to the appropriate version.
- *1
- uCosminexus Application Server Standard contained in these products is affected.
- *2
- uCosminexus Application Server Enterprise contained in these products is affected.
- *3
- uCosminexus Developer Professional contained in these products is affected.
Fixed products
The information is organized under the following headings:
(Example)
Product name: Gives the name of the fixed product.
Version:
- Platform
- Gives the fixed version, and release date.
Scheduled version(s):
- Platform
- Gives the fixed version scheduled to be released.
- Cosminexus V7
Product name: uCosminexus Application Server Enterprise
Product name: uCosminexus Application Server Standard
Product name: uCosminexus Service Platform
Product name: uCosminexus Developer Standard
Product name: uCosminexus Developer Professional
Product name: uCosminexus Service Architect
Product name: uCosminexus Operator
Product name: uCosminexus Client
Fixed component product name:
- Cosminexus Developer's Kit for Java(TM)
Fixed component product version(s):
- Windows
- 07-00-07 March 21, 2008
- 07-50-04 March 14, 2008
- Linux
- 07-00-07 March 28, 2008
- Linux(IPF)
- 07-00-04 April 14, 2008
- 07-03-01 April 14, 2008
- AIX
- 07-00-08 April 16, 2008
- HP-UX
- 07-00-04 April 18, 2008
- HP-UX(IPF)
- 07-00-04 March 14, 2008
- 07-03 March 14, 2008
- Solaris
- 07-00-04 April 3, 2008
- Products containing Cosminexus
Product name: Electronic Form Workflow - Set
Product name: Electronic Form Workflow - Developer Set
Fixed component product name:
- Cosminexus Developer's Kit for Java(TM)
Fixed component product version(s):
- Windows
- 07-50-04 March 14, 2008
Version(s):
- Windows
- 07-50-/B March 18, 2008
- 07-60-/A May 27, 2008
Product name: Electronic Form Workflow - Professional Set
Fixed component product name:
- Cosminexus Developer's Kit for Java(TM)
Fixed component product version(s):
- Windows
- 07-50-04 March 14, 2008
Version(s):
- Windows
- 07-50-/B March 18, 2008
Product name: Electronic Form Workflow - Standard Set
Product name: Electronic Form Workflow - Professional Library Set
Fixed component product name:
- Cosminexus Developer's Kit for Java(TM)
Fixed component product version(s):
- Windows
- 07-00-07 March 21, 2008
- 07-50-04 March 14, 2008
- Linux
- 07-00-07 March 28, 2008
Version(s):
- Windows
- 07-11-/C September 4, 2008
- 07-20-/A March 18, 2008
Scheduled version(s):
- Windows
- 07-00-/D
- 07-10-/B
- Linux
- 07-10-/B
Product name: Electronic Form Workflow - Developer Client Set
Fixed component product name:
- Cosminexus Developer's Kit for Java(TM)
Fixed component product version(s):
- Windows
- 07-00-07 March 21, 2008
- 07-50-04 March 14, 2008
Version(s):
- Windows
- 07-11-/C September 4, 2008
- 07-20-/A March 18, 2008
Scheduled version(s):
- Windows
- 07-00-/D
- 07-10-/B
For details on the fixed products, contact your Hitachi support service representative.