HP Network Node Manager i multiple security vulnerabilities

[EN] securityvulns.ru
no-pyccku

HP Network Node Manager i multiple security vulnerabilities
updated since 21.11.2011
Published: 27.11.2011
Source: BUGTRAQ
SecurityVulns ID: 12052
Type: remote
Level: 6/10
Description: Crossite scripting, unauthorized access, information disclosure.

Affected: HP : Network Node Manager i 9.0
HP : Network Node Manager i 9.1
CVE: CVE-2011-4156 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4155.)
CVE-2011-4155 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4156.)
CVE-2011-1534 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows remote authenticated users to obtain access to processes via unknown vectors.)
CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.)

Original document 0a29 40, 0A29-11-1 : Cross-Site Scripting vulnerabilities in HP Network Node Manager i 9.10 (27.11.2011)

HP, [security bulletin] HPSBMU02714 SSRT100244 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Disclosure of Information (21.11.2011)

document HP, [security bulletin] HPSBMA02659 SSRT100440 rev.2 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Unauthorized Access (21.11.2011)

HP, [security bulletin] HPSBMU02708 SSRT100633 rev.1 - HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows, Remote Cross Site Scripting (XSS) (21.11.2011)

Discuss: Read or add your comments to this news (0 comments)