Lucene search

[email protected]CVE-2009-3843

HistoryNov 24, 2009 - 12:30 a.m.

CVE-2009-3843

2009-11-2400:30:00

CWE-264

[email protected]

web.nvd.nist.gov

117

In Wild

operations manager

windows

xml

remote code execution

security vulnerability

cve-2009-3843

nvd

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.887 High

EPSS

Percentile

98.7%

JSON

HP Operations Manager 8.10 on Windows contains a “hidden account” in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.

Affected configurations

NVD

Node

hpoperations_managerMatch8.10windows

CPENameOperatorVersion
hp:operations_managerhp operations managereq8.10

CPE	Name	Operator	Version
hp:operations_manager	hp operations manager	eq	8.10

References

marc.info/?l=bugtraq&m=125873415424980&w=2

secunia.com/advisories/37444

securitytracker.com/id?1023222

www.osvdb.org/60317

www.zerodayinitiative.com/advisories/ZDI-09-085/

exchange.xforce.ibmcloud.com/vulnerabilities/54361

9.6 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.887 High

EPSS

Percentile

98.7%

JSON

Related for CVE-2009-3843

saint4 securityvulns3 zdi1 seebug1 packetstorm2 attackerkb1 nvd2 cvelist2 prion2 checkpoint_advisories1 cve1 zdt1 openvas2 kitploit3