Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-4179

CWE-119Buffer Overflow6 documents5 sources
Severity
10.0CRITICAL
EPSS
77.5%
top 1.01%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
HP Openview Network Node Manager
Timeline
PublishedDec 10
Latest updateMay 2

Description

Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDhp/openview_network_node_manager7.0.1, 7.51, 7.53+2

Patches

Patch: h20000.www2.hp.comPatch: www.securityfocus.comPatch: h20000.www2.hp.com

🔴Vulnerability Details

2
GHSA
GHSA-jx3c-974v-96w4: Stack-based buffer overflow in ovalarm2022-05-02
CVEList
CVE-2009-4179: Stack-based buffer overflow in ovalarm2009-12-10

💥Exploits & PoCs

2
Exploit-DB
HP OpenView Network Node Manager (OV NNM) - 'ovalarm.exe' CGI Buffer Overflow (Metasploit)2010-11-11
Exploit-DB
HP OpenView Network Node Manager (OV NNM) 7.53 - 'ovalarm.exe' CGI Remote Buffer Overflow2009-12-12

🔍Detection Rules

1
Suricata
ET WEB_SERVER Possible HP OpenView Network Node Manager ovalarm.exe CGI Buffer Overflow Attempt2010-07-30
CVE-2009-4179 (CRITICAL CVSS 10) | Stack-based buffer overflow in oval | cvebase.io