HP.OpenView.NNM.OVAS.Pre.Authentication.Buffer.Overflow
Description
This indicates an attempt to exploit a buffer overflow vulnerability in HP OpenView Network Node Manager.
The vulnerability is in OVAS.EXE, and is caused by a faulty user input check of the HTTP URL length. It can be triggered by an overly long HTTP GET request sent to port 7510/TCP. As a result, a remote attacker may be able to execute arbitrary code.
Affected Products
Openview 7.5.1 and prior.
Impact
System compromise: remote code execution.
Recommended Actions
Currently we are not aware of any vendor supplied patch for this issue.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2018-10-16 | 13.473 | Sig Added |