Vigil@nce: OpenNMS, several vulnerabilities
October 2008 by Vigil@nce
Several vulnerabilities in OpenNMS allow an attacker to perform
HTTP Response Splitting or Cross Site Scripting.
– Gravity: 2/4
– Consequences: client access/rights, data creation/edition
– Provenance: intranet client
– Means of attack: 2 attacks
– Ability of attacker: beginner (1/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 2
– Creation date: 07/10/2008
IMPACTED PRODUCTS
– Unix - platform
DESCRIPTION
The OpenNMS product is used to manage computers (availability,
information, events). It has several vulnerabilities.
An attacker can insert line feeds in HTTP headers in order to
alter the rendering or the behavior of the web site. [grav:2/4]
An attacker can trigger a Cross Site Scripting in 16 web pages.
[grav:2/4]
An attacker can, for example, obtain administrative rights on the
web server.
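The two flaw classes described above, shown next to their mitigations. This is an added example, not code from the bulletin or from OpenNMS; the function names, the reflected parameter and the sample values are constructed for illustration.

```python
import html

# Constructed sample inputs (assumptions, not taken from the bulletin):
# a request value that an application reflects into a Location header
# and into an HTML page.
BENIGN = "event/list"
WITH_LINE_FEED = "event/list\r\nX-Injected: 1"
WITH_MARKUP = "<script>alert(1)</script>"


def build_redirect_unsafe(target):
    """'Before' form: the value is copied into the header block unchecked."""
    return "HTTP/1.1 302 Found\r\nLocation: /" + target + "\r\n\r\n"


def safe_header_value(value):
    """Reject any value that could terminate the current header line."""
    if any(ch in value for ch in "\r\n\0"):
        raise ValueError("control character in header value")
    return value


def build_redirect_safe(target):
    """Hardened form: validate before the value reaches the header block."""
    return ("HTTP/1.1 302 Found\r\nLocation: /"
            + safe_header_value(target) + "\r\n\r\n")


def header_names(raw_response):
    """Return the header names a client would parse from a raw response."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


def render_message(value):
    """Encode a reflected value for an HTML text context (XSS mitigation)."""
    return "<p>Result for " + html.escape(value, quote=True) + "</p>"


if __name__ == "__main__":
    print(header_names(build_redirect_unsafe(BENIGN)))
    print(header_names(build_redirect_unsafe(WITH_LINE_FEED)))
    print(render_message(WITH_MARKUP))
```

The unchecked builder yields a second header that the application never set, while the hardened builder refuses the same input before any bytes are written.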
CHARACTERISTICS
– Identifiers: VIGILANCE-VUL-8151
– Url: http://vigilance.aql.fr/vulnerability/8151