HP-UX PHSS_36385 : HP OpenView Network Node Manager (OV NNM) Running Apache, Remote Cross Site Scripting (XSS), Denial of Service (DoS), Execute Arbitrary Code (HPSBMA02328 SSRT071293 rev.2)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote HP-UX host is missing a security-related patch.

Description :

s700_800 11.X PA-RISC OV NNM7.51 Intermediate Patch 16 :

Potential vulnerabilities have been identified with HP OpenView
Network Node Manager (OV NNM) running Apache. These vulnerabilities
could be exploited remotely resulting in cross site scripting (XSS),
Denial of Service (DoS), or execution of arbitrary code.

See also :

http://www.nessus.org/u?69af359a

Solution :

Install patch PHSS_36385 or subsequent.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: HP-UX Local Security Checks

Nessus Plugin ID: 26154 (hpux_PHSS_36385.nasl)

Bugtraq ID: 15834
16152
19204

CVE ID: CVE-2005-3352
CVE-2005-3357
CVE-2006-3747