Vulnerability Description
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
CVSS Score
10.0
HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hp | Power Manager | All versions |
Related Weaknesses (CWE)
References
- http://marc.info/?l=bugtraq&m=125744000032141&w=2
- http://secunia.com/advisories/37276Vendor Advisory
- http://securitytracker.com/id?1023140
- http://www.osvdb.org/59684
- http://www.securityfocus.com/archive/1/507708/100/0/threaded
- http://www.securityfocus.com/bid/36933
- http://www.vupen.com/english/advisories/2009/3154Vendor Advisory
- http://www.zerodayinitiative.com/advisories/ZDI-09-081/
- http://marc.info/?l=bugtraq&m=125744000032141&w=2
- http://secunia.com/advisories/37276Vendor Advisory
- http://securitytracker.com/id?1023140
- http://www.osvdb.org/59684
- http://www.securityfocus.com/archive/1/507708/100/0/threaded
- http://www.securityfocus.com/bid/36933
- http://www.vupen.com/english/advisories/2009/3154Vendor Advisory
FAQ
What is CVE-2009-2685?
CVE-2009-2685 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
How severe is CVE-2009-2685?
CVE-2009-2685 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2685?
Check the references section above for vendor advisories and patch information. Affected products include: Hp Power Manager.