Hitachi

Update: July 6, 2007

A cross-site scripting vulnerability was found in the JP1/HiCommand Suite Common Component web server.

Note that JP1/HiCommand series products are for Japanese systems only. JP1 is an abbreviation for Job Management Partner 1.

Vulnerability ID

HS07-017

Vulnerability description

A cross-site scripting vulnerability involving the HTTP Expect header was found in the JP1/HiCommand Suite Common Component web server. An attacker can send the web server a request whose Expect header contains a malicious script, and the script is then executed on the client.
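The advisory does not describe the mechanism. The sketch below assumes the usual form of this bug class, in which the server echoes an unsupported Expect value into its HTML error page, and shows that echo beside an escaped version plus a simple request-side check. It is an added example, not Hitachi's code; every function name and the sample header value are constructed for illustration.

```python
import html

# Constructed sample: an Expect value carrying markup instead of an expectation.
SAMPLE_EXPECT = '<script>alert("xss")</script>'

# "100-continue" is the only expectation HTTP/1.1 defines.
SUPPORTED_EXPECTATIONS = {"100-continue"}

PAGE = ("<html><body><h1>417 Expectation Failed</h1>"
        "<p>The expectation given in the Expect header could not be met: "
        "{value}</p></body></html>")


def error_body_unsafe(expect_value):
    """Hypothetical vulnerable renderer: copies the header into HTML verbatim."""
    return PAGE.format(value=expect_value)


def error_body_safe(expect_value):
    """Hardened renderer: HTML-escapes the untrusted value before echoing it."""
    return PAGE.format(value=html.escape(expect_value, quote=True))


def expect_failure_response(headers, render=error_body_safe):
    """Return None if the request may proceed, else (status, body).

    Assumes header names in `headers` are already normalised to "Expect".
    """
    value = headers.get("Expect")
    if value is None or value.strip().lower() in SUPPORTED_EXPECTATIONS:
        return None
    return 417, render(value)


def is_suspicious_expect(value):
    """Detection helper for logs or a filter: an Expect value that is not a
    known expectation and contains HTML metacharacters."""
    known = value.strip().lower() in SUPPORTED_EXPECTATIONS
    return not known and any(ch in value for ch in "<>\"'&")


if __name__ == "__main__":
    print(error_body_unsafe(SAMPLE_EXPECT))   # markup reaches the page intact
    print(expect_failure_response({"Expect": SAMPLE_EXPECT}))  # escaped 417
    print(is_suspicious_expect(SAMPLE_EXPECT))
```
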

Affected products and versions are listed below. Please upgrade to the appropriate fixed version.

Affected products

The information is organized under the following headings:

(Example)
Product name: Gives the name of the affected product.

Version:

Platform: Gives the affected version.

Product name: JP1/HiCommand Device Manager

Version(s):

Windows: 02-30 to 04-30-04, 05-00 to 05-10-05, 05-50 to 05-50-02
Solaris: 02-30 to 04-30-04, 05-00 to 05-10-05, 05-50 to 05-50-02
Linux: 05-10 to 05-10-05, 05-50 to 05-50-02

Product name: JP1/HiCommand Tiered Storage Manager

Version(s):

Windows: 4.0.0 to 4.3.0-02, 5.0.0 to 5.0.0-04, 5.5.0 to 5.5.0-02
Solaris: 4.3.0 to 4.3.0-02, 5.0.0 to 5.0.0-04, 5.5.0 to 5.5.0-02

Product name: JP1/HiCommand Replication Monitor

Version(s):

Windows: 04-00 to 04-20-04, 05-00 to 05-00-05, 05-50 to 05-50-03
Solaris: 04-00 to 04-20-04, 05-00 to 05-00-05, 05-50 to 05-50-03

Product name: JP1/HiCommand GlobalLink Availability Manager

Version(s):

Windows: 05-00 to 05-00-02

Fixed products

The information is organized under the following headings:

(Example)
Product name: Gives the name of the fixed product.

Version:

Platform: Gives the fixed version, and release date.

Scheduled version:

Platform: Gives the fixed version scheduled to be released.

Product name: JP1/HiCommand Device Manager

Version(s):

Windows: 05-10-07 (March 15, 2007), 05-50-03 (February 28, 2007)
Solaris: 05-10-07 (March 15, 2007), 05-50-03 (February 28, 2007)
Linux: 05-10-07 (March 15, 2007), 05-50-03 (February 28, 2007)

Product name: JP1/HiCommand Tiered Storage Manager

Version(s):

Windows: 5.7.0(*1)(*3) (May 28, 2007)
Solaris: 5.7.0(*1)(*3) (May 28, 2007)

Product name: JP1/HiCommand Replication Monitor

Version(s):

Windows: 5.6.0(*2)(*3) (January 16, 2007)
Solaris: 5.6.0(*2)(*3) (January 16, 2007)

Product name: JP1/HiCommand GlobalLink Availability Manager

Version(s):

Windows: 5.6.0 (December 15, 2006)

For details on the fixed products, contact your Hitachi support service representative.

*1 Instead of applying the fixed version of JP1/HiCommand Tiered Storage Manager (HTSM), you can apply the fixed version of JP1/HiCommand Device Manager (HDvM), which is a base product of HTSM. If your HTSM version is from 4.0.0 to 5.0.0-04, apply HDvM version 05-10-07 or later. If your HTSM version is from 5.5.0 to 5.5.0-02, apply HDvM version 05-50-03 or later.
*2 Instead of applying the fixed version of JP1/HiCommand Replication Monitor (HRpM), you can apply the fixed version of JP1/HiCommand Device Manager (HDvM), which is a base product of HRpM. For any HTSM version, apply HDvM version 05-10-07 or later.
*3 If you apply a fixed version of this product, base products might also have to be upgraded. For details, refer to the applicable documentation for that product (such as documentation or Readme files provided with the software).

Revision history

July 6, 2007: This page was released.
  • Hitachi, Ltd. (hereinafter referred to as "Hitachi") tries to provide accurate information about security countermeasures. However, since information about security problems constantly changes, the contents of these Web pages are subject to change without prior notice. When referencing information, please confirm that you are referencing the latest information.
  • The Web pages include information about products that are developed by non-Hitachi software developers. Vulnerability information about those products is based on the information provided or disclosed by those developers. Although Hitachi is careful about the accuracy and completeness of this information, the contents of the Web pages may change depending on the changes made by the developers.
  • The Web pages are intended to provide vulnerability information only, and Hitachi shall not have any legal responsibility for the information contained in them. Hitachi shall not be liable for any consequences arising out of or in connection with the security countermeasures or other actions that you will take or have taken (or not taken) by yourself.
  • The links to other web sites are valid at the time of the release of the page. Although Hitachi makes an effort to maintain the links, Hitachi cannot guarantee their permanent availability.