The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Hewlett-Packard OpenView

vulnerability bulletin CVE-2012-5214

HP ServiceCenter: denial of service

Synthesis of the vulnerability

A remote attacker can trigger a denial of service in HP ServiceCenter.
Impacted products: OpenView.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: intranet client.
Creation date: 07/03/2013.
Identifiers: c03680085, CERTA-2013-AVI-174, CVE-2012-5214, HPSBMU02849, SSRT101124, VIGILANCE-VUL-12493.

Description of the vulnerability

A remote attacker can trigger a denial of service in HP ServiceCenter.

vulnerability alert CVE-2012-3255 CVE-2012-3256 CVE-2012-3257

HP Business Availability Center: three vulnerabilities

Synthesis of the vulnerability

An attacker can use three vulnerabilities of the web interface of HP Business Availability Center.
Impacted products: HPE BAC, OpenView.
Severity: 2/4.
Consequences: client access/rights.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 07/09/2012.
Identifiers: BID-55444, c03475750, CERTA-2012-AVI-488, CVE-2012-3255, CVE-2012-3256, CVE-2012-3257, HPSBMU02811, SSRT100937, VIGILANCE-VUL-11921.

Description of the vulnerability

An attacker can use three vulnerabilities of the web interface of HP Business Availability Center.

An attacker can trigger a Cross-Site Scripting, in order to execute JavaScript code in the context of the web site. [severity:2/4; CVE-2012-3255]

An attacker can trigger a Cross-Site Request Forgery, in order to perform actions on the web site on behalf of the user. [severity:2/4; CVE-2012-3256]

An attacker can steal the web session of a user, in order to perform actions under that user's account. [severity:2/4; CVE-2012-3257]

vulnerability announce CVE-2012-3258

HP Operations Orchestration: code execution via RSScheduler

Synthesis of the vulnerability

An unauthenticated attacker can inject commands in the JDBC component of the RSScheduler service of HP Operations Orchestration, in order to execute code with system privileges.
Impacted products: OpenView, OpenView Operations, HP Operations.
Severity: 3/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: intranet client.
Creation date: 29/08/2012.
Identifiers: BID-55270, BID-55594, c03490339, CVE-2012-3258, HPSBMU02813, SSRT100712, VIGILANCE-VUL-11902, ZDI-12-172.

Description of the vulnerability

The JDBC component of the RSScheduler service of HP Operations Orchestration listens by default on port 9001/tcp.

However, an attacker can inject SQL data via JDBC. This data is then executed with the privileges of the SYSTEM user.

An unauthenticated attacker can therefore inject commands in the JDBC component of the RSScheduler service of HP Operations Orchestration, in order to execute code with system privileges.

computer vulnerability note CVE-2012-2019 CVE-2012-2020

HP Operations Agent, Performance Agent: code execution

Synthesis of the vulnerability

A remote attacker can use two vulnerabilities of HP Operations Agent and HP Performance Agent, in order to execute code.
Impacted products: OpenView, OpenView Operations, HP Operations, Performance Center.
Severity: 3/4.
Consequences: privileged access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 10/07/2012.
Revision dates: 13/07/2012, 23/07/2012.
Identifiers: BID-54362, c03397769, CERTA-2012-AVI-374, CVE-2012-2019, CVE-2012-2020, HPSBMU02796, SSRT100594, SSRT100595, VIGILANCE-VUL-11749, ZDI-12-114, ZDI-12-115, ZDI-CAN-1325, ZDI-CAN-1326.

Description of the vulnerability

Two vulnerabilities were announced in HP Operations Agent and HP Performance Agent.

An unauthenticated attacker can use a GET query with a parameter with a large integer value for Opcode 0x34, in order to generate a buffer overflow in coda.exe. [severity:3/4; CVE-2012-2019, SSRT100594, ZDI-12-114, ZDI-CAN-1325]

An unauthenticated attacker can use a GET query with a parameter with a large integer value for Opcode 0x8C, in order to generate a buffer overflow in coda.exe. [severity:3/4; CVE-2012-2020, SSRT100595, ZDI-12-115, ZDI-CAN-1326]

A remote attacker can therefore use two vulnerabilities of HP Operations/Performance Agent, in order to execute code.

vulnerability CVE-2012-0121 CVE-2012-0122 CVE-2012-0123

HP Data Protector Express: four vulnerabilities

Synthesis of the vulnerability

Four vulnerabilities of HP Data Protector Express can be used by an attacker, in order to create a denial of service or to execute code.
Impacted products: HP Data Protector, OpenView, OpenView Storage Data Protector.
Severity: 3/4.
Consequences: user access/rights, denial of service on service.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 4.
Creation date: 13/03/2012.
Revision dates: 22/06/2012, 02/07/2012.
Identifiers: BID-52431, c03229235, CERTA-2012-AVI-146, CVE-2012-0121, CVE-2012-0122, CVE-2012-0123, CVE-2012-0124, HPSBMU02746, SSRT100781, TPTI-12-06, VIGILANCE-VUL-11430, ZDI-12-096, ZDI-12-097, ZDI-CAN-1392, ZDI-CAN-1393, ZDI-CAN-1498.

Description of the vulnerability

Four vulnerabilities were announced in HP Data Protector Express.

An attacker can send a message with the opcode 0x320, which generates a buffer overflow in dpwinsdr.exe, in order to create a denial of service or to execute code. [severity:3/4; CVE-2012-0121, ZDI-12-097, ZDI-CAN-1392]

An attacker can send a message with the opcode 0x330, which generates a buffer overflow in dpwinsdr.exe, in order to create a denial of service or to execute code. [severity:3/4; CVE-2012-0122, ZDI-12-096, ZDI-CAN-1393]

An attacker can use a malicious DtbClsAddObject query, in order to generate a buffer overflow in dpwintdb.exe, which can be used to create a denial of service or to execute code. [severity:3/4; CVE-2012-0123, TPTI-12-06, ZDI-CAN-1498]

An attacker can use a long directory name, in order to generate a buffer overflow in dpwindtb.dll/dpwintdb.exe, which can be used to create a denial of service or to execute code. [severity:3/4; CVE-2012-0124]

computer vulnerability bulletin CVE-2011-3165 CVE-2011-3166 CVE-2011-3167

OpenView NNM: code execution

Synthesis of the vulnerability

Three vulnerabilities of HP OpenView Network Node Manager can be used by a remote attacker to execute code.
Impacted products: OpenView, OpenView NNM.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 02/11/2011.
Revision date: 06/01/2012.
Identifiers: BID-50471, BID-51049, c03054052, CERTA-2011-AVI-611, CVE-2011-3165, CVE-2011-3166, CVE-2011-3167, HPSBMU02712, SSRT100649, VIGILANCE-VUL-11118, ZDI-11-348, ZDI-12-002, ZDI-12-003, ZDI-CAN-1208, ZDI-CAN-1209, ZDI-CAN-1210.

Description of the vulnerability

Three vulnerabilities were announced in HP OpenView Network Node Manager.

An attacker can use a large nameParams parameter for the CGI nnmRptConfig.exe program, in order to execute code. [severity:3/4; BID-51049, CERTA-2011-AVI-611, CVE-2011-3165, ZDI-11-348, ZDI-CAN-1208]

An attacker can create an overflow in the webappmon.exe CGI program, which leads to code execution. [severity:3/4; CVE-2011-3166, ZDI-12-003, ZDI-CAN-1209]

An attacker can use a long textFile option for ov.dll, in order to create an overflow in _OVBuildPath, which leads to code execution. [severity:3/4; CVE-2011-3167, ZDI-12-002, ZDI-CAN-1210]

These vulnerabilities can be used by a remote attacker to execute code.

vulnerability bulletin CVE-2011-4160

HP Operations Agent, Performance Agent: access to a directory

Synthesis of the vulnerability

A local attacker can use a vulnerability of HP Operations Agent and Performance Agent on Unix, in order to access a directory.
Impacted products: OpenView, OpenView Operations, HP Operations, Performance Center.
Severity: 2/4.
Consequences: data reading, data creation/edition, data deletion.
Provenance: user shell.
Creation date: 22/11/2011.
Identifiers: BID-50761, c03091656, CVE-2011-4160, HPSBMU02726, SSRT100685, VIGILANCE-VUL-11173.

Description of the vulnerability

The HP Operations Agent and Performance Agent products can be installed on Unix.

A local attacker can use a vulnerability of HP Operations Agent and Performance Agent on Unix, in order to access a directory.

vulnerability alert CVE-2011-3348

Apache httpd: denial of service via mod_proxy_ajp

Synthesis of the vulnerability

When mod_proxy_ajp is used with mod_proxy_balancer, an attacker can use an unknown HTTP method, in order to create a denial of service.
Impacted products: Apache httpd, OpenView, OpenView NNM, HP-UX, Junos Space, Junos Space Network Management Platform, Mandriva Linux, OpenSolaris, RHEL, Slackware.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 14/09/2011.
Identifiers: BID-49616, c03011498, c03025215, CERTA-2011-AVI-516, CVE-2011-3348, HPSBMU02704, HPSBUX02707, MDVSA-2011:168, PSN-2013-02-846, RHSA-2011:1391-01, RHSA-2012:0542-01, RHSA-2012:0543-01, SSA:2011-284-01, SSRT100619, SSRT100626, VIGILANCE-VUL-10991.

Description of the vulnerability

The mod_proxy module provides a generic proxy service for Apache httpd. The mod_proxy_ajp module adds support for AJP13 (Apache JServ Protocol version 1.3), which is used with Tomcat. The mod_proxy_balancer module is used to balance the load between several proxies.

The HTTP protocol defines a list of methods (GET, POST, etc.) which are used in queries.

The ap_proxy_ajp_request() function of the modules/proxy/mod_proxy_ajp.c file does not ignore unknown HTTP methods. When mod_proxy_balancer is also used, the associated proxy then enters an error state. Using several queries, an attacker can thus stop all balanced proxies.

When mod_proxy_ajp is used with mod_proxy_balancer, an attacker can therefore use an unknown HTTP method, in order to create a denial of service.

vulnerability note CVE-2011-3192

Apache httpd: denial of service via Range or Request-Range

Synthesis of the vulnerability

An attacker can use several parallel queries using Range or Request-Range, in order to progressively use the available memory.
Impacted products: Apache httpd, CheckPoint Endpoint Security, IPSO, CheckPoint Security Gateway, CiscoWorks, Nexus by Cisco, NX-OS, Debian, BIG-IP Hardware, TMOS, Fedora, OpenView, OpenView NNM, HP-UX, Junos Space, Junos Space Network Management Platform, Mandriva Linux, ePO, OpenSolaris, openSUSE, Oracle AS, Oracle Fusion Middleware, Solaris, RHEL, Slackware, SLES.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: internet client.
Creation date: 24/08/2011.
Revision dates: 24/08/2011, 26/08/2011, 14/09/2011.
Identifiers: BID-49303, c02997184, c03011498, c03025215, CERTA-2011-AVI-493, cisco-sa-20110830-apache, CVE-2011-3192, DSA-2298-1, DSA-2298-2, FEDORA-2011-12715, HPSBMU02704, HPSBUX02702, HPSBUX02707, KB73310, MDVSA-2011:130, MDVSA-2011:130-1, openSUSE-SU-2011, openSUSE-SU-2011:0993-1, PSN-2013-02-846, RHSA-2011:1245-01, RHSA-2011:1294-01, RHSA-2011:1300-01, RHSA-2011:1329-01, RHSA-2011:1330-01, RHSA-2011:1369-01, sk65222, SSA:2011-252-01, SSRT100606, SSRT100619, SSRT100626, SUSE-SU-2011:1000-1, SUSE-SU-2011:1007-1, SUSE-SU-2011:1010-1, SUSE-SU-2011:1215-1, SUSE-SU-2011:1216-1, VIGILANCE-VUL-10944, VU#405811.

Description of the vulnerability

The Range header defined in the HTTP protocol indicates the byte ranges that the server should return. For example, to obtain bytes 10 to 30 and 50 to 60:
  Range: bytes=10-30,50-60
The Request-Range header is the obsolete name of Range.

Apache processes the following objects:
 - bucket: an abstract storage area (memory, file, etc.).
 - brigade: a linked list of buckets.

When Apache httpd receives a query containing the Range header, it stores each range in a brigade. However, if the range list is large, this brigade consumes a lot of memory.

An attacker can therefore use several parallel queries using Range or Request-Range, in order to progressively use the available memory.
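To show how a front end or log pipeline can spot such requests before they reach httpd, the following added example (not part of the bulletin or of Apache) parses Range and Request-Range headers and flags large or overlapping range lists. The MAX_RANGES threshold, the verdict names and the sample requests are assumptions made for this illustration.

```python
import re

MAX_RANGES = 5  # assumed policy threshold; the bulletin gives no number
_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")

def parse_ranges(value):
    """Parse 'bytes=10-30,50-60' into [(10, 30), (50, 60)]; None marks an open end."""
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("unsupported range unit")
    ranges = []
    for spec in specs.split(","):
        if not spec.strip():
            continue  # tolerate empty list elements
        m = _SPEC.match(spec)
        if not m or not (m.group(1) or m.group(2)):
            raise ValueError(f"malformed range spec: {spec!r}")
        first, last = (int(g) if g else None for g in m.groups())
        ranges.append((first, last))
    return ranges

def count_overlaps(ranges):
    """Count ranges starting inside an earlier one (suffix ranges '-N' are skipped)."""
    spans = sorted((f, float("inf") if l is None else l) for f, l in ranges if f is not None)
    overlaps, reach = 0, -1
    for first, last in spans:
        if first <= reach:
            overlaps += 1
        reach = max(reach, last)
    return overlaps

def assess(headers):
    """Return (verdict, detail): 'allow', 'strip' (ignore the header) or 'reject'."""
    lowered = {k.lower(): v for k, v in headers.items()}
    for name in ("range", "request-range"):  # the obsolete name must be checked too
        if name not in lowered:
            continue
        try:
            ranges = parse_ranges(lowered[name])
        except ValueError as exc:
            return ("reject", f"{name}: {exc}")
        overlaps = count_overlaps(ranges)
        if len(ranges) > MAX_RANGES or overlaps:
            return ("strip", f"{name}: {len(ranges)} ranges, {overlaps} overlapping")
    return ("allow", "")

# Constructed sample requests (not captured traffic).
SAMPLES = [
    {"Range": "bytes=10-30,50-60"},  # the bulletin's own example
    {"Request-Range": "bytes=" + ",".join(f"{i}-{i + 1}" for i in range(0, 400, 2))},
    {"Range": "bytes=0-10,5-20"},
]
```

A "strip" verdict corresponds to serving the full resource with the header removed, so the oversized range list never reaches the brigade-building code.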

vulnerability note CVE-2011-2406 CVE-2011-2407 CVE-2011-2410

HP OpenView Performance Insight: code execution

Synthesis of the vulnerability

An attacker can use three vulnerabilities of the HP OpenView Performance Insight product, in order to execute code.
Impacted products: OpenView.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 3.
Creation date: 09/08/2011.
Revision date: 16/08/2011.
Identifiers: BID-49096, BID-49184, c02942411, CVE-2011-2406, CVE-2011-2407, CVE-2011-2410, HPSBMU02695, SSRT100480, VIGILANCE-VUL-10894.

Description of the vulnerability

The HP OpenView Performance Insight (OVPI) product installs the Java piweb.jar archive, which manages HTTP queries. However, three vulnerabilities impact this Java application.

A remote attacker can execute code. [severity:3/4; CVE-2011-2406]

A remote attacker can inject code in HTML data, in order to execute code. [severity:2/4; CVE-2011-2407]

An attacker can create a Cross Site Scripting. [severity:2/4; BID-49184, CVE-2011-2410]

An attacker can therefore use three vulnerabilities of the HP OpenView Performance Insight product, in order to execute code.