---------------------------------------------------------------------- Do you need accurate and reliable IDS / IPS / AV detection rules? Get in-depth vulnerability details: http://secunia.com/binary_analysis/sample_analysis/ ---------------------------------------------------------------------- TITLE: HP OpenView Network Node Manager Cross-Site Scripting Vulnerabilities SECUNIA ADVISORY ID: SA32800 VERIFY ADVISORY: http://secunia.com/advisories/32800/ CRITICAL: Less critical IMPACT: Cross Site Scripting WHERE: >From remote SOFTWARE: HP OpenView Network Node Manager (NNM) 7.x http://secunia.com/advisories/product/3608/ DESCRIPTION: HP has acknowledged some vulnerabilities in OpenView Network Node Manager, which can be exploited by malicious people to conduct cross-site scripting attacks. For more information: SA28073 The vulnerabilities are reported in versions 7.01, 7.51, and 7.53 running on HP-UX, Linux, and Solaris. SOLUTION: Apply patches. -- OpenView Network Node Manager 7.01 -- HP-UX B.11.00 and B.11.11: Apply PHSS_38761 or subsequent. Solaris: Apply PSOV_03516 or subsequent. -- OpenView Network Node Manager 7.51 -- Update to version 7.53 and apply patches. -- OpenView Network Node Manager 7.53 -- HP-UX B.11.11 and B.11.23 (PA): Apply PHSS_38147 or subsequent. HP-UX B.11.31 and HP-UX B.11.23 (IA): Apply PHSS_38148 or subsequent. Linux RedHatAS2.1: Apply LXOV_00085 or subsequent. Linux RedHat4AS-x86_64: Apply LXOV_00086 or subsequent. Solaris: Apply PSOV_03514 or subsequent. ORIGINAL ADVISORY: HPSBMA02388 SSRT080059: http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01607570 OTHER REFERENCES: SA28073: http://secunia.com/advisories/28073/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------