TITLE: Hitachi Web Page Generator Multiple Vulnerabilities SECUNIA ADVISORY ID: SA12150 VERIFY ADVISORY: http://secunia.com/advisories/12150/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting, Exposure of system information, DoS WHERE: >From remote SOFTWARE: Web Page Generator 1.x http://secunia.com/product/3729/ Web Page Generator 2.x http://secunia.com/product/3732/ Web Page Generator Enterprise 3.x http://secunia.com/product/3730/ Web Page Generator Enterprise 4.x http://secunia.com/product/3731/ DESCRIPTION: Multiple vulnerabilities have been discovered in Web Page Generator, which can be exploited by malicious people to cause a DoS (Denial of Service), disclose content of directories, or conduct cross-site scripting attacks. 1) An unspecified error can be exploited to stop the website service by accessing the website "improperly" multiple times. This vulnerability only affect Windows platforms. 2) Errors in the error transactions of the Web Page Generator templates can be exploited to disclose the content of directories or conduct cross-site scripting attacks. This vulnerability affects all platforms, but requires that the default error template is used and the product runs in debugging mode. SOLUTION: Update to Web Page Generator Enterprise version 03-03-/D or 04-02-/L, and set the "DEBUG_MODE" property to "off". PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://www.hitachi-support.com/security_e/vuls_e/HS04-002_e/index-e.html http://www.hitachi-support.com/security_e/vuls_e/HS04-003_e/index-e.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org ----------------------------------------------------------------------