Update Protection against HP OpenView Network Node Manager ovlaunch HTTP Request Buffer Overflow
| Check Point Reference: | CPAI-2009-053 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA33857 | |
| Industry Reference(s): | CVE-2008-4562 | |
| Protection Provided by: |
IPS-1
|
|
| Who is Vulnerable? HP Network Node Manager (NNM) 7.53 and prior | ||
| Vulnerability Description A vulnerability was reported in HP OpenView Network Node Manager software. HP OpenView Network Node Manager (NNM) is a software application designed for management, maintenance and monitoring of networks and network devices. HP OpenView Network Node Manager (NNM) supplies several CGI applications with which users can control and manage the NNM server using a web browser. One of these CGI applications, ovlogin.exe, is vulnerable to remote code execution due to improper validation of crafted HTTP request messages sent to the application. Remote attackers could exploit this vulnerability to inject and execute arbitrary code on the target server. |
||
|
Vulnerability Details The vulnerability is due to a boundary error while processing specially crafted HTTP requests sent to the server. Remote attackers can trigger the vulnerability by sending a crafted HTTP request to the CGI program ovlaunch.exe which contains overly long Host header value. |
Protection Overview
By enabling this protection, IPS-1 will detect and block HTTP requests with a Host: header value longer than a configurable threshold. The threshold is configurable through the 'Maximum length of the Host: value in an HTTP request's headers' variable. The default is 255 bytes.
To configure the defense, select your product from the list below and follow the related protection steps.