Secunia Security Advisory - Multiple vulnerabilities have been discovered in Hitachi's Web Page Generator versions 1.x and 2.x and also Enterprise releases 3.x and 4.x. These include denial of service, cross site scripting, and content disclosure attacks.
6f642a621545af420022edb7ef25171ef66ff3e5d62c1f405896ce02cbab0c4e
TITLE:
Hitachi Web Page Generator Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA12150
VERIFY ADVISORY:
http://secunia.com/advisories/12150/
CRITICAL:
Moderately critical
IMPACT:
Cross Site Scripting, Exposure of system information, DoS
WHERE:
>From remote
SOFTWARE:
Web Page Generator 1.x
http://secunia.com/product/3729/
Web Page Generator 2.x
http://secunia.com/product/3732/
Web Page Generator Enterprise 3.x
http://secunia.com/product/3730/
Web Page Generator Enterprise 4.x
http://secunia.com/product/3731/
DESCRIPTION:
Multiple vulnerabilities have been discovered in Web Page Generator,
which can be exploited by malicious people to cause a DoS (Denial of
Service), disclose content of directories, or conduct cross-site
scripting attacks.
1) An unspecified error can be exploited to stop the website service
by accessing the website "improperly" multiple times.
This vulnerability only affect Windows platforms.
2) Errors in the error transactions of the Web Page Generator
templates can be exploited to disclose the content of directories or
conduct cross-site scripting attacks.
This vulnerability affects all platforms, but requires that the
default error template is used and the product runs in debugging
mode.
SOLUTION:
Update to Web Page Generator Enterprise version 03-03-/D or 04-02-/L,
and set the "DEBUG_MODE" property to "off".
PROVIDED AND/OR DISCOVERED BY:
Reported by vendor.
ORIGINAL ADVISORY:
http://www.hitachi-support.com/security_e/vuls_e/HS04-002_e/index-e.html
http://www.hitachi-support.com/security_e/vuls_e/HS04-003_e/index-e.html
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------