You are here

U-214: HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities

July 17, 2012 - 7:00am

Addthis

PROBLEM:

HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities

PLATFORM:

The vulnerabilities are reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows.

ABSTRACT:

Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).

reference LINKS:

HP Support document ID: c03405642
Secunia Advisory SA49966

IMPACT ASSESSMENT:

High

Discussion:

HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, hijack a user's session, conduct DNS cache poisoning attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.

Impact:

The vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).

Solution:

See Resolution on HP Support document c03405642 for HP hotfixes.

HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. For more information see: https://www.hp.com/go/swa.

 

Addthis