Information Security all in one place!

HP Network Node Manager: Remote Unauthorized Disclosure of Information

NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
Potential Security Impact: Remote unauthorized disclosure of information

Source: Hewlett-Packard Company, HP Software Security Response Team

A potential security vulnerability has been identified with HP Network Node Manager i (NNMi) for HP-UX, Linux, Solaris, and Windows. The vulnerability could be remotely exploited resulting in unauthorized disclosure of information.

References: CVE-2007-1858

SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP Network Node Manager i (NNMi) v8.x, v9.0x, v9.1x for HP-UX, Linux, Solaris, and Windows

English: This is white-on-black HP jewel logo,...


HP has made the following procedure available to resolve the vulnerability.

Backup the appropriate file to another directory.

$NnmInstallDir\nonOV\jboss\nms\server\nms\deploy\jboss-web.deployer\server.xml [Windows]

$NnmInstallDir/nonOV/jboss/nms/server/nms/deploy/jboss-web.deployer/server.xml [HP-UX, Linux, Solaris]

Edit the original server.xml file.

Add the following to the end of the SSL Connector entry. The entry must be one continuous string with no line breaks.


For example, in NNMi v9.10 the entry would be:

<Connector port=”${jboss.https.port}” … ciphers=…/>

Save and verify

Save the file.

Stop and restart NNMi.

Bring up the UI to verify that NNMi is still functioning correctly.


Edit the server.xml file as described above.


HP-UX Software Assistant: HP-UX Software Assistant is an enhanced application that replaces HP-UX Security Patch Check. It analyzes all Security Bulletins issued by HP and lists recommended actions that may apply to a specific HP-UX system. It can also download patches and create a depot automatically. For more information see:

The following text is for use by the HP-UX Software Assistant.


HP-UX B.11.31
HP-UX B.11.23 (IA)
action: edit the server.xml file as described in the Resolution

Let's hear what you have to say.

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s