{"vuid":"VU#205766","idnumber":"205766","name":"HP OpenView Select Access fails to properly decode UTF-8 encoded unicode characters in URLs","keywords":["Hewlett Packard","HP","OpenView Select Access","remote unauthorized access","UTF-8","URL"],"overview":"There is a vulnerability in the way HP OpenView Select Access decodes UTF-8 encoded unicode characters in URLs. This vulnerability could allow a remote user to gain access to resources the user would otherwise be unauthorized to access.","clean_desc":"HP OpenView Select Access is a software package that provides user identity management and allows secure access to network services and enterprise resources through a web interface. There is a vulnerability in the way OpenView Select Access decodes UTF-8 encoded unicode characters in URLs.","impact":"A remote user could gain access to resources the user would otherwise be unauthorized to access.","resolution":"Apply patch According to HP Security Bulletin HPSBMA01045 (login required), HP has made the following patches available: hp OpenView Select Access 5.0 Patch 4C \nhp OpenView Select Access 5.1 Patch 1Z\nhp OpenView Select Access 5.2 Patch G\nhp OpenView Select Access 6.0 Patch A These patches can be obtained from: http://support.openview.hp.com/cpe/select_access/patch_sa.jsp","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by the Hewlett-Packard Company and the HP Software Security Response Team","author":"This document was written by Damon Morda.","public":["http://www.openview.hp.com/products/select/","http://www.ietf.org/rfc/rfc2279.txt","http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMA01045","http://secunia.com/advisories/11722/"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-05-26T15:24:39Z","publicdate":"2004-05-24T00:00:00Z","datefirstpublished":"2004-05-26T16:36:55Z","dateupdated":"2004-06-16T17:13:18Z","revision":22,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"7","cam_impact":"8","cam_easeofexploitation":"10","cam_attackeraccessrequired":"13","cam_scorecurrent":"2.73","cam_scorecurrentwidelyknown":"3.4125","cam_scorecurrentwidelyknownexploited":"6.1425","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":2.73,"vulnote":null}