CVE-2009-3845

The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.

Published: Dec 10, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-3845
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 10
AV:N/AC:L/Au:N/C:C/I:C/A:C

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
hp / openview_network_node_manager	7.53	7.53.x
hp / openview_network_node_manager	7.0.1	7.0.1.x
hp / openview_network_node_manager	7.51	7.51.x

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01950877
http://marc.info/?l=bugtraq&m=126046355120442&w=2
http://www.securityfocus.com/archive/1/508345/100/0/threaded
http://www.securityfocus.com/bid/37261
http://www.securityfocus.com/bid/37300
http://zerodayinitiative.com/advisories/ZDI-09-094/
https://exchange.xforce.ibmcloud.com/vulnerabilities/54651

Vulnerability Database

289,782

CVE-2009-3845