Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

HP OpenView Network Node Manager Vulnerabilities

(HP Security Bulletin)

Several vulnerabilities have been identified in HP OpenView Network Node Manager (OV NNM). A remote attacker can exploit these vulnerabilities to execute malicious code or cause a system crash of an affected system.

HP Network Node Manager is an integrated solution that delivers network lifecycle management. These vulnerabilities are due to insufficient boundary checking when handling HTTP headers. An attacker can exploit this issue by crafting an HTTP request and sending it to the target host.

Check Point provides pre-emptive and immediate protection against exploits that use these vulnerabilities through its integrated IPS offerings. Check Point SmartDefense and Check Point IPS Software Blade detect and block malformed HTTP requests attempting to exploit these vulnerabilities.

Pre-emptive Protections (five since July 2004)

CVE-2009-4180 (CPAI-2009-310), CVE-2009-4177 (CPAI-2009-311), CVE-2009-4181 (CPAI-2010-004), CVE-2009-3849 (CPAI-2010-006) and CVE-2009-3848 (CPAI-2010-005).

Immediate Protections

CVE-2009-4176 (CPAI-2009-333), CVE-2009-4178 (CPAI-2009-332), CVE-2009-4179 (CPAI-2009-314), CVE-2009-3843 (CPAI-2009-312) and CVE-2009-3846 (CPAI-2009-313).