Summary
This host is running HP OpenView Network Node Manager and is prone to multiple code execution vulnerabilities.
Impact
Successful exploitation will allow attacker to execute arbitrary code in the context of an application.
Impact Level: System/Application
Solution
Upgrade to NNM v7.53 and apply the patch
http://support.openview.hp.com/selfsolve/patches
*****
NOTE : Ignore this warning, if above mentioned patch is already applied.
*****
Insight
The multiple flaws are due to,
- A buffer overflow error in 'CGI' executable when processing an overly long parameter value.
- A buffer overflow error in the 'ov.dll' library when processing certain arguments supplied via CGI executables.
- An error in 'webappmon.exe' CGI application, which fails to adequately validate user-supplied input.
Affected
HP OpenView Network Node Manager 7.51 and 7.53
References
Severity
Classification
-
CVE CVE-2010-2704, CVE-2010-2709 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Artmedic Kleinanzeigen File Inclusion Vulnerability
- Atmail Multiple Unspecified Security Vulnerabilities.
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
- Atutor AChecker Multiple SQL Injection and XSS Vulnerabilities
- ASP-Dev XM Event Diary Multiple Vulnerabilities