header-logo
Suggest Exploit
vendor:
Openview Node Manager
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Openview Node Manager
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

HP Openview Node Manager Buffer Overflow Vulnerability

The OverView5 CGI interface by default is shipped with HP Openview Node Manager. HP Openview Node Manager can be compromised due to an unchecked buffer. By sending a specially crafted GET request comprised of 136 bytes to the web services (default port 80) through the Overview5 CGI interface, the SNMP service will crash. Successful exploitation, depending on the data entered, will allow the execution of arbitrary code.

Mitigation:

Ensure that the Overview5 CGI interface is not accessible from the internet and that the SNMP service is not running on the default port.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1713/info

The OverView5 CGI interface by default is shipped with HP Openview Node Manager.

HP Openview Node Manager can be compromised due to an unchecked buffer. By sending a specially crafted GET request comprised of 136 bytes to the web services (default port 80) through the Overview5 CGI interface, the SNMP service will crash.

Successful exploitation, depending on the data entered, will allow the execution of arbitrary code.

http://target/OvCgi/OpenView5.exe?Context=Snmp&Action=Snmp&Host=&Oid=<string of characters consisting of 136 bytes>

Navigation

Suggest Exploit

Services By CQR