PT-2013-5210 · Hewlett Packard · Hp Procurve Manager +1

Andrea Micalizzi +1 · Published 2013-09-11 · Updated 2025-04-22 · CVE-2013-4811

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

HP ProCurve Manager versions 3.20 through 4.0
HP ProCurve Manager+ versions 3.20 through 4.0
Identity Driven Manager version 4.0

Description

The issue concerns the UpdateDomainControllerServlet in the SNAC registration server, which fails to properly validate the adCert argument. This allows remote attackers to upload .jsp files, enabling them to execute arbitrary code.

Recommendations

For HP ProCurve Manager versions 3.20 through 4.0, consider disabling the UpdateDomainControllerServlet until a patch is available.
For HP ProCurve Manager+ versions 3.20 through 4.0, restrict access to the SNAC registration server to minimize the risk of exploitation.
For Identity Driven Manager version 4.0, avoid using the adCert argument in the affected servlet until the issue is resolved.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

RCE

Weakness Enumeration

Related Identifiers

CVE-2013-4811
ZDI-13-226

Affected Products

Hp Procurve Manager
Identity Driven Manager