Secunia Security Advisory - HP has acknowledged some vulnerabilities in OpenView Network Node Manager, which can be exploited by malicious people to conduct cross-site scripting attacks.
c878986f26c644625cbed0d7794101f606d09164f75f812d506ee2556b57c81c
----------------------------------------------------------------------
Do you need accurate and reliable IDS / IPS / AV detection rules?
Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/
----------------------------------------------------------------------
TITLE:
HP OpenView Network Node Manager Cross-Site Scripting Vulnerabilities
SECUNIA ADVISORY ID:
SA32800
VERIFY ADVISORY:
http://secunia.com/advisories/32800/
CRITICAL:
Less critical
IMPACT:
Cross Site Scripting
WHERE:
>From remote
SOFTWARE:
HP OpenView Network Node Manager (NNM) 7.x
http://secunia.com/advisories/product/3608/
DESCRIPTION:
HP has acknowledged some vulnerabilities in OpenView Network Node
Manager, which can be exploited by malicious people to conduct
cross-site scripting attacks.
For more information:
SA28073
The vulnerabilities are reported in versions 7.01, 7.51, and 7.53
running on HP-UX, Linux, and Solaris.
SOLUTION:
Apply patches.
-- OpenView Network Node Manager 7.01 --
HP-UX B.11.00 and B.11.11:
Apply PHSS_38761 or subsequent.
Solaris:
Apply PSOV_03516 or subsequent.
-- OpenView Network Node Manager 7.51 --
Update to version 7.53 and apply patches.
-- OpenView Network Node Manager 7.53 --
HP-UX B.11.11 and B.11.23 (PA):
Apply PHSS_38147 or subsequent.
HP-UX B.11.31 and HP-UX B.11.23 (IA):
Apply PHSS_38148 or subsequent.
Linux RedHatAS2.1:
Apply LXOV_00085 or subsequent.
Linux RedHat4AS-x86_64:
Apply LXOV_00086 or subsequent.
Solaris:
Apply PSOV_03514 or subsequent.
ORIGINAL ADVISORY:
HPSBMA02388 SSRT080059:
http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01607570
OTHER REFERENCES:
SA28073:
http://secunia.com/advisories/28073/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------