PROBLEM:
HP Network Node Manager Java JDK / JRE Multiple Vulnerabilities
PLATFORM:
The vulnerabilities are reported in version 9.0x running on HP-UX, Linux, Solaris, and Windows.
ABSTRACT:
Vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).
reference LINKS:
HP Support document ID: c03405642
Secunia Advisory SA49966
IMPACT ASSESSMENT:
High
Discussion:
HP has acknowledged some vulnerabilities in HP Network Node Manager, which can be exploited by malicious, local users to disclose potentially sensitive information and by malicious people to disclose potentially sensitive information, manipulate certain data, hijack a user's session, conduct DNS cache poisoning attacks, bypass certain security restrictions, cause a DoS (Denial of Service), and compromise a vulnerable system.
Impact:
The vulnerabilities could be remotely exploited resulting in unauthorized information disclosure, modification, Denial of Service (DoS).
Solution:
See Resolution on HP Support document c03405642 for HP hotfixes.
HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. For more information see: https://www.hp.com/go/swa.