Summary
| Detail | |||
|---|---|---|---|
| Vendor | Hp | First view | 2011-04-06 |
| Product | Network Node Manager I | Last view | 2014-04-19 |
| Version | 9.03 | Type | Application |
| Update | * | ||
| Edition | * | ||
| Language | * | ||
| Sofware Edition | * | ||
| Target Software | * | ||
| Target Hardware | * | ||
| Other | * | ||
| CPE Product | cpe:2.3:a:hp:network_node_manager_i | ||
Activity : Overall
Related : CVE
| Date | Alert | Description | |
|---|---|---|---|
| 10 | 2014-04-19 | CVE-2013-6218 | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, 9.1x, and 9.2x allows remote attackers to execute arbitrary code via unknown vectors. |
| 5 | 2013-07-29 | CVE-2011-1483 | wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise Application Platform 4.2.0.CP09, 4.3, and 5.1.1; JBoss Enterprise Portal Platform 4.3.CP06 and 5.1.1; JBoss Enterprise SOA Platform 4.2.CP05, 4.3.CP05, and 5.1.0; JBoss Communications Platform 1.2.11 and 5.1.1; JBoss Enterprise BRMS Platform 5.1.0; and JBoss Enterprise Web Platform 5.1.1 does not properly handle recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted request containing an XML document with a DOCTYPE declaration and a large number of nested entity references, a similar issue to CVE-2003-1564. |
| 4.3 | 2013-02-06 | CVE-2012-3279 | Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 4.3 | 2012-08-07 | CVE-2012-2022 | Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node Manager i (NNMi) 8.x, 9.0x, 9.1x, and 9.20 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 4.3 | 2012-07-05 | CVE-2012-2018 | Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 4.3 | 2011-11-16 | CVE-2011-4156 | Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4155. |
| 4.3 | 2011-11-16 | CVE-2011-4155 | Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0x and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-4156. |
| 4.3 | 2011-05-13 | CVE-2011-1855 | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows local users to read or modify (1) log files or (2) other data via unknown vectors. |
| 6.5 | 2011-04-22 | CVE-2011-1534 | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x allows remote authenticated users to obtain access to processes via unknown vectors. |
| 4 | 2011-04-06 | CVE-2011-0895 | Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and 8.1x allows remote authenticated users to obtain sensitive information via unknown vectors. |
CWE : Common Weakness Enumeration
| % | id | Name |
|---|---|---|
| 100% (5) | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') |
Open Source Vulnerability Database (OSVDB)
| id | Description |
|---|---|
| 76963 | HP Network Node Manager i Unspecified XSS (2011-4156) |
| 76962 | HP Network Node Manager i Unspecified XSS (2011-4155) |
| 75613 | JBoss Multiple Product Web Services Native DTD Parsing Remote DoS |
| 73162 | HP Network Node Manager i (NNMi) Unspecified Local Log File Access |
| 71967 | HP Network Node Manager i (NNMi) Unspecified Remote Access Restriction Bypass |
| 71585 | HP Network Node Manager i (NNMi) Unspecified Remote Information Disclosure |
Information Assurance Vulnerability Management (IAVM)
| id | Description |
|---|---|
| 2012-B-0074 | Multiple Cross-Site Scripting Vulnerabilities in HP Network Node Manager i (N... Severity: Category I - VMSKEY: V0033555 |
| 2011-B-0119 | Multiple Red Hat JBoss Products Remote Denial of Service Vulnerability Severity: Category II - VMSKEY: V0030272 |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | HP Network Node Manager cross site scripting attempt RuleID : 20845 - Type : SERVER-WEBAPP - Revision : 9 |
Nessus® Vulnerability Scanner
| id | Description |
|---|---|
| 2014-12-08 | Name: The remote web server hosts an application that is affected by a cross- site ... File: hp_nnmi_HPSBMU02798-rhel.nasl - Type: ACT_GATHER_INFO |
| 2013-09-26 | Name: The remote web server hosts an application that is affected by a cross- site ... File: hp_nnmi_HPSB3C02687.nasl - Type: ACT_GATHER_INFO |
| 2013-01-24 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2011-1301.nasl - Type: ACT_GATHER_INFO |
| 2013-01-24 | Name: The remote Red Hat host is missing a security update. File: redhat-RHSA-2011-1306.nasl - Type: ACT_GATHER_INFO |
| 2013-01-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2011-1309.nasl - Type: ACT_GATHER_INFO |
| 2012-03-06 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHSS_41983.nasl - Type: ACT_GATHER_INFO |
| 2012-03-06 | Name: The remote HP-UX host is missing a security-related patch. File: hpux_PHSS_42328.nasl - Type: ACT_GATHER_INFO |
