Vulnerabilites related to Cogent Real-Time Systems Inc. - Cascade DataHub
jvndb-2012-000001
Vulnerability from jvndb
Published
2012-01-11 15:22
Modified
2012-01-13 15:57
Summary
Cogent DataHub vulnerable to cross-site scripting
Details
Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a cross-site scripting vulnerability.
Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN12983784/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0309 | |
| NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0309 | |
| ICS-CERT ADVISORY | http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf | |
| Cross-site Scripting(CWE-79) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000001.html",
"dc:date": "2012-01-13T15:57+09:00",
"dcterms:issued": "2012-01-11T15:22+09:00",
"dcterms:modified": "2012-01-13T15:57+09:00",
"description": "Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a cross-site scripting vulnerability.\r\n\r\nKuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000001.html",
"sec:cpe": [
{
"#text": "cpe:/a:cogentdatahub:cascade_datahub",
"@product": "Cascade DataHub",
"@vendor": "Cogent Real-Time Systems Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cogentdatahub:cogent_datahub",
"@product": "Cogent DataHub",
"@vendor": "Cogent Real-Time Systems Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cogentdatahub:opc_datahub",
"@product": "OPC DataHub",
"@vendor": "Cogent Real-Time Systems Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000001",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN12983784/index.html",
"@id": "JVN#12983784",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0309",
"@id": "CVE-2012-0309",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0309",
"@id": "CVE-2012-0309",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf",
"@id": "ICSA-12-016-01",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-79",
"@title": "Cross-site Scripting(CWE-79)"
}
],
"title": "Cogent DataHub vulnerable to cross-site scripting"
}
jvndb-2012-000002
Vulnerability from jvndb
Published
2012-01-11 15:12
Modified
2012-01-13 16:08
Summary
Cogent DataHub vulnerable to HTTP header injection
Details
Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a HTTP header injection vulnerability (also known as CRLF, carriage return line feed, injection vulnerability).
Kuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN63249231/index.html | |
| CVE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0310 | |
| NVD | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0310 | |
| ICS-CERT ADVISORY | http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf | |
| Improper Input Validation(CWE-20) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000002.html",
"dc:date": "2012-01-13T16:08+09:00",
"dcterms:issued": "2012-01-11T15:12+09:00",
"dcterms:modified": "2012-01-13T16:08+09:00",
"description": "Cogent DataHub provided by Cogent Real-Time Systems Inc. contains a HTTP header injection vulnerability (also known as CRLF, carriage return line feed, injection vulnerability).\r\n\r\nKuang-Chun Hung of Security Research and Service Institute - Information and Communication Security Technology Center (ICST), Taiwan R.O.C. reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2012/JVNDB-2012-000002.html",
"sec:cpe": [
{
"#text": "cpe:/a:cogentdatahub:cascade_datahub",
"@product": "Cascade DataHub",
"@vendor": "Cogent Real-Time Systems Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cogentdatahub:cogent_datahub",
"@product": "Cogent DataHub",
"@vendor": "Cogent Real-Time Systems Inc.",
"@version": "2.2"
},
{
"#text": "cpe:/a:cogentdatahub:opc_datahub",
"@product": "OPC DataHub",
"@vendor": "Cogent Real-Time Systems Inc.",
"@version": "2.2"
}
],
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"@version": "2.0"
},
"sec:identifier": "JVNDB-2012-000002",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN63249231/index.html",
"@id": "JVN#63249231",
"@source": "JVN"
},
{
"#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0310",
"@id": "CVE-2012-0310",
"@source": "CVE"
},
{
"#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0310",
"@id": "CVE-2012-0310",
"@source": "NVD"
},
{
"#text": "http://www.us-cert.gov/control_systems/pdf/ICSA-12-016-01.pdf",
"@id": "ICSA-12-016-01",
"@source": "ICS-CERT ADVISORY"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-20",
"@title": "Improper Input Validation(CWE-20)"
}
],
"title": "Cogent DataHub vulnerable to HTTP header injection"
}