CVE-2008-4560

Name of the Vulnerable Software and Affected Versions HP OpenView Network Node Manager (OV NNM) versions 7.01, 7.51, and 7.53

Description The issue allows remote attackers to obtain sensitive information. This can be achieved through a crafted request to the nnmRptConfig.exe CGI program, which reveals the pathname of log directories, or through a crafted parameter in a request to the ovlaunch.exe CGI program, which reveals configuration details.

Recommendations For HP OpenView Network Node Manager (OV NNM) version 7.01, consider restricting access to the nnmRptConfig.exe and ovlaunch.exe CGI programs until a fix is available. For HP OpenView Network Node Manager (OV NNM) version 7.51, consider restricting access to the nnmRptConfig.exe and ovlaunch.exe CGI programs until a fix is available. For HP OpenView Network Node Manager (OV NNM) version 7.53, consider restricting access to the nnmRptConfig.exe and ovlaunch.exe CGI programs until a fix is available.