HP OpenView connectedNodes.ovpl Command Execution
Gravité: : Élevé
Identifiant(s) CVE: : CVE-2005-2773
Date du conseil: 21 juillet 2015
Description
HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node parameter to connectedNodes.ovpl, (2) cdpView.ovpl, (3) freeIPaddrs.ovpl, and (4) ecscmg.ovpl.
Information Exposure Rating:
Apply associated Trend Micro DPI Rules.
Solutions
Trend Micro Deep Security DPI Rule Number: 1000143
Trend Micro Deep Security DPI Rule Name: 1000143 - HP OpenView connectedNodes.ovpl Command Execution
Affected software and version:
- HP OpenView Network Node Manager 6.10
- HP OpenView Network Node Manager 6.2
- HP OpenView Network Node Manager 6.2 NT 4.X/Windows 2000
- HP OpenView Network Node Manager 6.2 Solaris
- HP OpenView Network Node Manager 6.31
- HP OpenView Network Node Manager 6.31 NT 4.X/Windows 2000
- HP OpenView Network Node Manager 6.4
- HP OpenView Network Node Manager 6.4 NT 4.X/Windows 2000
- HP OpenView Network Node Manager 6.4 Solaris
- HP OpenView Network Node Manager 6.41
- HP OpenView Network Node Manager 6.41 Solaris
- HP OpenView Network Node Manager 7.0 1 Windows 2000/XP
- HP OpenView Network Node Manager 7.50
- HP OpenView Network Node Manager 7.50 Solaris
- HP OpenView Network Node Manager 7.50 Windows 2000/XP