CVE-2013-4813

Name of the Vulnerable Software and Affected Versions HP ProCurve Manager versions 3.20 through 4.0 HP PCM+ versions 3.20 through 4.0 Identity Driven Manager version 4.0

Description The issue allows remote attackers to execute arbitrary commands via a HEAD request. This is related to the Agent (aka AgentController) servlet in the affected software.

Recommendations For HP ProCurve Manager versions 3.20 through 4.0, consider disabling the AgentController servlet until a patch is available. For HP PCM+ versions 3.20 through 4.0, restrict access to the AgentController servlet to minimize the risk of exploitation. For Identity Driven Manager version 4.0, avoid using the vulnerable AgentController servlet until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.