Thursday, April 24, 2008 9:08 AM
cmosby
HP OpenView Network Node Manager Multiple Vulnerabilities - Advisories - Secunia
HP OpenView Network Node Manager Multiple Vulnerabilities
Secunia Advisory:
SA29849
Release Date:
2008-04-17
Last Update:
2008-04-18
Critical:
Moderately critical
Impact:
Cross Site Scripting
DoS
System access
Where:
From local network
Solution Status:
Vendor Patch
Software:
HP OpenView Network Node Manager (NNM) 6.x
HP OpenView Network Node Manager (NNM) 7.x
CVE reference:
CVE-2005-3352 (Secunia mirror)
CVE-2005-3357 (Secunia mirror)
CVE-2006-3747 (Secunia mirror)
Description:
HP has acknowledged some vulnerabilities in OpenView Network Node Manager, which can be exploited by malicious people to conduct cross-site scripting attacks, cause a DoS (Denial of Service), or compromise a vulnerable system.
For more information:
SA18008
SA18307
SA21197
The vulnerabilities affect versions 6.41, 7.01, and 7.51 running Apache on HP-UX, Solaris, and Linux.
Solution:
Apply patches. Please see the vendor's advisory for details.
Changelog:
2008-04-18: Updated "Description" and "Original Advisory" section. The vendor has removed Windows as affected platform and removed the patches from the vendor advisory.
Original Advisory:
HPSBMA02328 SSRT071293:
http://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01428449
Other References:
SA18008:
http://secunia.com/advisories/18008/
SA18307:
http://secunia.com/advisories/18307/
SA21197:
http://secunia.com/advisories/21197/