Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1697

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2008-1697
Last Modified 02 Aug 2011 12:00:00
Published 08 Apr 2008 01:05:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1697

Summary

Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Hp Openview Network Node Manager 7.0.1

  • Hp Openview Network Node Manager 7.51

  • Hp Openview Network Node Manager 7.53


References

BID - 28569

XF - hpopenview-ovas-bo(41600)

VUPEN - ADV-2008-1085

SECTRACK - 1019782

MISC - http://www.offensive-security.com/0day/hp-nnm-ov.py.txt

MILW0RM - 5342

SECUNIA - 29641

HP - HPSBMA02348

HP - SSRT080033


Last Updated: 27 May 2016 10:49:54