PT-2009-6068 · Microsoft+2 · Windows+2
Stephen Fewer
·
Publicado
2009-11-24
·
Atualizado
2017-08-17
·
CVE-2009-3843
CVSS v2.0
10
Alta
| Vetor | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
HP Operations Manager version 8.10 on Windows
Description
The issue allows remote attackers to conduct unrestricted file upload attacks and execute arbitrary code by utilizing the
org.apache.catalina.manager.HTMLManagerServlet class to make requests to "manager/html/upload". This is made possible by a "hidden account" in the XML file that specifies Tomcat users.Recommendations
For HP Operations Manager version 8.10 on Windows, consider disabling the
org.apache.catalina.manager.HTMLManagerServlet class as a temporary workaround until a patch is available. Restrict access to the manager/html/upload endpoint to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Apache Tomcat
Hp Operations Manager
Windows