CVE-2009-3845

The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877	Patch Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=126046355120442&w=2
http://www.securityfocus.com/archive/1/508345/100/0/threaded
http://www.securityfocus.com/bid/37261
http://www.securityfocus.com/bid/37300
http://zerodayinitiative.com/advisories/ZDI-09-094/
https://exchange.xforce.ibmcloud.com/vulnerabilities/54651
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877	Patch Vendor Advisory
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=126046355120442&w=2
http://www.securityfocus.com/archive/1/508345/100/0/threaded
http://www.securityfocus.com/bid/37261
http://www.securityfocus.com/bid/37300
http://zerodayinitiative.com/advisories/ZDI-09-094/
https://exchange.xforce.ibmcloud.com/vulnerabilities/54651

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::hp_ux:::::
	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::linux:::::
	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::solaris:::::
	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::windows:::::
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:solaris:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:windows:::::*

History

21 Nov 2024, 01:08

Type	Values Removed	Values Added
References	~~() http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 - Patch, Vendor Advisory~~	() http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877 - Patch, Vendor Advisory
References	~~() http://marc.info/?l=bugtraq&m=126046355120442&w=2 -~~	() http://marc.info/?l=bugtraq&m=126046355120442&w=2 -
References	~~() http://www.securityfocus.com/archive/1/508345/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/508345/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/37261 -~~	() http://www.securityfocus.com/bid/37261 -
References	~~() http://www.securityfocus.com/bid/37300 -~~	() http://www.securityfocus.com/bid/37300 -
References	~~() http://zerodayinitiative.com/advisories/ZDI-09-094/ -~~	() http://zerodayinitiative.com/advisories/ZDI-09-094/ -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/54651 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/54651 -

Information

Published : 2009-12-10 22:30

Updated : 2025-04-09 00:30

NVD link : CVE-2009-3845

Mitre link : CVE-2009-3845

CVE.ORG link : CVE-2009-3845

JSON object : View

Products Affected

openview_network_node_manager

CWE

NVD-CWE-Other

10.0 /10