Vulnerability Detail View
| id | 43155 |
| Risk | other |
| Family | CGI abuses |
| Category | attack |
| Name | HP OpenView Network Node Manager Multiple Scripts hostname Parameter Remote Command Execution |
| Summary | Checks for multiple remote command execution vulnerabilities in HP OpenView NNM |
| Description | Synopsis :
The remote web server contains multiple CGI scripts that allow
execution of arbitrary commands.
Description :
The remote version of HP OpenView Network Node Manager fails to
sanitize user-supplied input to the 'hostname' parameter used in the
'setMon.ovpl', 'setNotMon.ovpl', and 'ifMgrp.ovpl' scripts before
using it to run a command. By leveraging these flaws, an
unauthenticated remote attacker may be able to execute arbitrary
commands on the remote host within the context of the affected web
server userid.
Note that the installed version of HP OpenView Network Node Manager is
potentially affected by multiple other issues, though Nessus has not
tested for these.
See also :
http://www.securityfocus.com/archive/1/508345/30/0/threaded
http://www.securityfocus.com/advisories/18537
http://www.nessus.org/u?422f4693
Solution :
Apply the appropriate patch referenced in the vendor's advisory
above.
Risk factor :
Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
|
| CVE | CVE-2009-3845 |
| Bugtraq | 37300 |
| Copyright | (C) 2009 Tenable Network Security, Inc. |