The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Openview_network_node_manager | Hp | 7.0.1 (including) | 7.0.1 (including) |
| Openview_network_node_manager | Hp | 7.51 (including) | 7.51 (including) |
| Openview_network_node_manager | Hp | 7.53 (including) | 7.53 (including) |
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877
- http://marc.info/?l=bugtraq\u0026m=126046355120442\u0026w=2
- http://www.securityfocus.com/archive/1/508345/100/0/threaded
- http://www.securityfocus.com/bid/37261
- http://www.securityfocus.com/bid/37300
- http://zerodayinitiative.com/advisories/ZDI-09-094/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54651
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877
- http://marc.info/?l=bugtraq\u0026m=126046355120442\u0026w=2
- http://www.securityfocus.com/archive/1/508345/100/0/threaded
- http://www.securityfocus.com/bid/37261
- http://www.securityfocus.com/bid/37300
- http://zerodayinitiative.com/advisories/ZDI-09-094/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54651