---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: HP OpenView Operations Apache Chunked Encoding Vulnerability SECUNIA ADVISORY ID: SA21917 VERIFY ADVISORY: http://secunia.com/advisories/21917/ CRITICAL: Moderately critical IMPACT: DoS, System access WHERE: >From local network SOFTWARE: HP OpenView Operations for Windows 7.x http://secunia.com/product/11952/ HP OpenView Operations 7.x http://secunia.com/product/2099/ HP OpenView Operations 8.x http://secunia.com/product/4199/ DESCRIPTION: HP has acknowledged a vulnerability in HP OpenView Operations and HP OpenView Operations for Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a vulnerable system. The vulnerability is caused due to an error in the included Apache web server in the handling of malformed requests encoded using chunked encoding. This can be exploited to crash the child process by sending a specially crafted request. Successful exploitation causes resource consumption when the lost child process is being replaced, or may allow execution of arbitrary code. The vulnerability has been reported in the following products: * HP OpenView Operations 7.1, 8.0, and 8.1. * HP OpenView Operations for Windows a.07.21, a.07.20, a.07.10, and a.07.00. SOLUTION: Apply patches (see vendor advisory). ORIGINAL ADVISORY: HPSBMA02149 SSRT050968: http://itrc.hp.com/service/cki/docDisplay.do?docId=c00767033 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------