Description
The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.
References (7)
Core 7
Core References
Third Party Advisory x_refsource_misc
http://zerodayinitiative.com/advisories/ZDI-09-094/
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/508345/100/0/threaded
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37261
Mailing List vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=126046355120442&w=2
Patch, Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54651
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37300
Scores
EPSS
0.1697
EPSS Percentile
95.1%
Details
Status
published
Products (3)
hp/openview_network_node_manager
7.0.1 (4 CPE variants)
hp/openview_network_node_manager
7.51 (4 CPE variants)
hp/openview_network_node_manager
7.53 (4 CPE variants)
Published
Dec 10, 2009
Tracked Since
Feb 18, 2026