Summary
This host is running HP OpenView Network Node Manager and is prone to multiple code execution vulnerabilities.
Impact
Successful exploitation will allow attacker to execute arbitrary code in the context of an application.
Impact Level: System/Application
Solution
Upgrade to NNM v7.53 and apply the patch
http://support.openview.hp.com/selfsolve/patches
*****
NOTE : Ignore this warning, if above mentioned patch is already applied.
*****
Insight
The multiple flaws are due to,
- A buffer overflow error in 'CGI' executable when processing an overly long parameter value.
- A buffer overflow error in the 'ov.dll' library when processing certain arguments supplied via CGI executables.
- An error in 'webappmon.exe' CGI application, which fails to adequately validate user-supplied input.
Affected
HP OpenView Network Node Manager 7.51 and 7.53
References
Severity
Classification
-
CVE CVE-2010-2704, CVE-2010-2709 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Atutor AContent Multiple SQL Injection and XSS Vulnerabilities
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
- Apache Axis2 Document Type Declaration Processing Security Vulnerability
- Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities
- AlefMentor Multiple SQL Injection Vulnerabilities