CVE-2009-3845

The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877	Patch Vendor Advisory
http://marc.info/?l=bugtraq&m=126046355120442&w=2
http://www.securityfocus.com/archive/1/508345/100/0/threaded
http://www.securityfocus.com/bid/37261
http://www.securityfocus.com/bid/37300
http://zerodayinitiative.com/advisories/ZDI-09-094/
https://exchange.xforce.ibmcloud.com/vulnerabilities/54651

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::hp_ux:::::
	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::linux:::::
	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::solaris:::::
	cpe:2.3:a:hp:openview_network_node_manager:7.0.1::windows:::::
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:solaris:::::*
	cpe:2.3:a:hp:openview_network_node_manager:7.53:-:windows:::::*

History

No history.

Information

Published : 2009-12-10 22:30

Updated : 2023-12-10 10:51

NVD link : CVE-2009-3845

Mitre link : CVE-2009-3845

CVE.ORG link : CVE-2009-3845

JSON object : View

Products Affected

hp

openview_network_node_manager

CWE

NVD-CWE-Other

{"id": "CVE-2009-3845", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-12-10T22:30:00.407", "references": [{"url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877", "tags": ["Patch", "Vendor Advisory"], "source": "hp-security-alert@hp.com"}, {"url": "http://marc.info/?l=bugtraq&m=126046355120442&w=2", "source": "hp-security-alert@hp.com"}, {"url": "http://www.securityfocus.com/archive/1/508345/100/0/threaded", "source": "hp-security-alert@hp.com"}, {"url": "http://www.securityfocus.com/bid/37261", "source": "hp-security-alert@hp.com"}, {"url": "http://www.securityfocus.com/bid/37300", "source": "hp-security-alert@hp.com"}, {"url": "http://zerodayinitiative.com/advisories/ZDI-09-094/", "source": "hp-security-alert@hp.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54651", "source": "hp-security-alert@hp.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts."}, {"lang": "es", "value": "El servidor HTTP port-3443 en HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, y v7.53 permite a atacantes remotos ejecutar comandos arbitrarios a trav\u00e9s de metacaracteres de shell en el par\u00e1metro \"hostname\" a secuencias de comandos Perl sin especificar."}], "lastModified": "2018-10-10T19:47:45.907", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:hp_ux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A54C04BC-7EA3-412B-B509-414BBC942E92"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:linux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8EFF07E8-239D-413D-90DB-E3153232D73C"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:solaris:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D506AC90-5383-4221-BBC8-7AF34D62C929"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.0.1:*:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16BAE549-664A-47D1-8355-EA63B1BCFD4A"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:hp-ux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6692E05F-4864-449F-8A52-9001028D8C44"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:linux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A40F2C6-AFF9-4D63-ACD0-A9D37160BA3D"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:solaris:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC1DA299-A180-4078-9172-67D116840D29"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.51:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FED610E9-7639-48FE-8B4F-B394A7EEC7C9"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:hp-ux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1935DA4-A1AF-4867-BCB1-F5BB75360702"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:linux:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "769ED1A5-C3C5-404E-8040-655D69C2AA88"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:solaris:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "186EFE05-AC1C-48FF-91B7-0CCD49FEABCC"}, {"criteria": "cpe:2.3:a:hp:openview_network_node_manager:7.53:-:windows:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5CE1F56-FA80-416D-8F42-C1C291F0965C"}], "operator": "OR"}]}], "sourceIdentifier": "hp-security-alert@hp.com"}