Check Point Reference: | CPAI-2009-053 |
Date Published: | 20 Feb 2009 |
Severity: | High |
Last Updated: | Thursday 01 January, 2009 |
Source: | Secunia Advisory: SA33857 |
Industry Reference: | CVE-2008-4562 |
Protection Provided by: |
Who is Vulnerable? | HP Network Node Manager (NNM) 7.53 and prior |
Vulnerability Description | A vulnerability was reported in HP OpenView Network Node Manager (NNM), a software application for managing, maintaining and monitoring networks and network devices. NNM supplies several CGI applications that let users control and manage the NNM server from a web browser. One of these CGI applications, ovlogin.exe, is vulnerable to remote code execution because it improperly validates crafted HTTP request messages sent to it. Remote attackers could exploit this vulnerability to inject and execute arbitrary code on the target server. |
Vulnerability Details | The vulnerability is due to a boundary error in the processing of specially crafted HTTP requests sent to the server. Remote attackers can trigger the vulnerability by sending the CGI program ovlaunch.exe a crafted HTTP request that contains an overly long Host header value. |
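
A detection-side check for the condition described above, written as an added example (it is not Check Point's protection or HP code): it parses a raw HTTP request and flags requests to the CGI programs named in this advisory whose Host header is longer than a legitimate host[:port] can be. The 259-character limit (253-character DNS name plus a port), the /OvCgi/ path and the host names in the samples are assumptions of this example.

```python
import re

# CGI names come from the advisory text; matching on file name only is an assumption.
WATCHED_CGIS = ("ovlaunch.exe", "ovlogin.exe")
# A DNS name is at most 253 characters; allow ":" plus a 5-digit port on top.
MAX_HOST_LEN = 253 + 6
HOST_RE = re.compile(r"(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::\d{1,5})?")

def parse_request(raw: bytes):
    """Split a raw HTTP request head into (target, [(name, value), ...])."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("malformed request line")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line")
        headers.append((name.strip().lower(), value.strip()))
    return parts[1], headers

def check_request(raw: bytes):
    """Return findings for one request; an empty list means nothing was flagged."""
    try:
        target, headers = parse_request(raw)
    except ValueError as exc:
        return [f"unparseable request: {exc}"]
    if not target.split("?", 1)[0].lower().endswith(WATCHED_CGIS):
        return []
    hosts = [value for name, value in headers if name == "host"]
    findings = []
    if len(hosts) != 1:
        findings.append(f"expected one Host header, saw {len(hosts)}")
    for host in hosts:
        if len(host) > MAX_HOST_LEN:
            findings.append(f"Host length {len(host)} exceeds {MAX_HOST_LEN}")
        elif not HOST_RE.fullmatch(host):
            findings.append("Host is not a valid host[:port]")
    return findings

# Constructed sample requests (the /OvCgi/ path and host names are assumptions).
SAMPLES = {
    "normal": b"GET /OvCgi/ovlaunch.exe HTTP/1.1\r\nHost: nnm.example.test:80\r\n\r\n",
    "long_host": b"GET /OvCgi/ovlaunch.exe HTTP/1.1\r\nHost: " + b"a" * 400 + b"\r\n\r\n",
    "other_path": b"GET /index.html HTTP/1.1\r\nHost: " + b"a" * 400 + b"\r\n\r\n",
}
```

The same length and syntax test can be enforced at a reverse proxy in front of the NNM web interface, so that oversized Host values are rejected before they reach the CGI programs.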