CVE-2007-3794
CVE-2007-3794 is a critical-severity vulnerability in Hitachi Cosminexus Application Server with a CVSS 2.0 base score of 10.0. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Critical (CVSS 2.0 base score 10.0)
- EPSS exploit prediction: 2% (80th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Hitachi Cosminexus Application Server
- Published:
- Last modified:
Description
Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application.
Frequently asked questions
- What is CVE-2007-3794?
- Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit for XML before 20070511, Developer's Kit for Java before 20070312, and third-party products that use this software, allows attackers to have an unknown impact via certain GIF images, related to use of GIF image processing APIs by a Java application.
- How severe is CVE-2007-3794?
- CVE-2007-3794 has a CVSS 2.0 base score of 10.0, rated critical severity.
- Is CVE-2007-3794 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 2% (80th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2007-3794?
- CVE-2007-3794 primarily affects Hitachi Cosminexus Application Server. In total, 102 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2007-3794?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its critical severity, prioritise patching exposed systems.
- When was CVE-2007-3794 published?
- CVE-2007-3794 was published on 2007-07-15 and last updated on 2026-06-16.
References
- http://osvdb.org/37851
- http://secunia.com/advisories/26025
- http://www.hitachi-support.com/security_e/vuls_e/HS07-018_e/index-e.html
- http://www.securityfocus.com/bid/24905
- http://www.vupen.com/english/advisories/2007/2534
Affected products (102)
- cpe:2.3:a:hitachi:cosminexus_application_server:05_00_05_00_h:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_application_server:05_01_05_01_k:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_application_server:05_05_05_00_o:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_application_server:06_00_06_00_g:*:enterprise:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_application_server:06_00_06_00_g:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_application_server:06_02_06_02_f:*:enterprise:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_application_server:06_02_06_02_f:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_application_server:06_50_06_50_e:*:enterprise:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_application_server:06_50_06_50_e:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_application_server:06_51_06_51_g:*:enterprise:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_application_server:06_51_06_51_g:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_client:06_00_06_00_g:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_client:06_02_06_02_f:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_client:06_50_06_50_e:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_client:06_51_06_51_g:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:05_00_05_00_h:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:05_01_05_01_k:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:05_05_05_05_o:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:06_00_06_00_g:*:light:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:06_00_06_00_g:*:professional:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:06_00_06_00_g:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:06_02_06_02_f:*:light:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:06_02_06_02_f:*:professional:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:06_02_06_02_f:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:06_50_06_50_e:*:light:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:06_50_06_50_e:*:professional:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:06_50_06_50_e:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:06_51_06_51_g:*:light:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:06_51_06_51_g:*:professional:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_developer:06_51_06_51_g:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_server:04_00_04_00_a:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_server:04_00_04_00_a:*:web:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_server:04_01_04_01_a:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_server:04_01_04_01_a:*:web:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_studio:04_00_04_00_a:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_studio:04_00_04_00_a:*:web:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_studio:04_01_04_01_a:*:standard:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_studio:04_01_04_01_a:*:web:*:*:*:*:*
- cpe:2.3:a:hitachi:cosminexus_studio:05_05_05_05_o:*:*:*:*:*:*:*
- cpe:2.3:a:hitachi:ucosminexus_application_server:06_70_06_70_a:*:enterprise:*:*:*:*:*
More vulnerabilities in Hitachi Cosminexus Application Server
- CVE-2009-4776 — Critical (CVSS 9.3): Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in…
- CVE-2007-3626 — High (CVSS 7.8): Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before 20070706 allows remote attackers to cause a…
- CVE-2007-0514 — Medium (CVSS 6.8): Multiple cross-site scripting (XSS) vulnerabilities in multiple Hitachi Web Server, uCosminexus, and Cosminexus…
- CVE-2007-4124 — Medium (CVSS 4.9): The session failover function in Cosminexus Component Container in Cosminexus 6, 6.7, and 7 before 20070731, as used in…
- CVE-2005-3164 — Low (CVSS 2.6): The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus…