SAINT Corporation, SAINT:88789BF22A82B3B79355F9F1C375C644
Jun 18, 2010

HP Operations Manager hidden Tomcat account

my.saintcorporation.com

CVSS2: 10 High
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

EPSS: 0.887 High
Percentile: 98.7%

Added: 06/18/2010
CVE: CVE-2009-3843
BID: 37086
OSVDB: 60317

Background

HP Operations Manager is a consolidated event and performance management console that correlates infrastructure, network and end-user experience events across an IT infrastructure.

Problem

A hidden Apache Tomcat account allows remote attackers to use the org.apache.catalina.manager.HTMLManagerServlet class to upload arbitrary files, leading to arbitrary code execution.

Resolution

Apply the patch referenced in HPSBMA02478 SSRT090251.
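
The following audit check is an added example, not part of the SAINT advisory or the HP patch. It lists every account in a tomcat-users.xml document that holds a Tomcat manager role and is not on an approved list, which is one way to spot an unexpected account of the kind described under Problem. It assumes the account is defined in Tomcat's tomcat-users.xml; the sample file, the account names and the approved list are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Tomcat <= 6 uses the single "manager" role; Tomcat 7+ splits it up.
MANAGER_ROLES = {"manager", "manager-gui", "manager-script",
                 "manager-jmx", "manager-status"}


def find_manager_accounts(xml_text, approved=()):
    """Return [(username, sorted manager roles)] for each account in a
    tomcat-users.xml document that holds a manager role and is not in
    the approved set."""
    root = ET.fromstring(xml_text)
    approved = set(approved)
    findings = []
    for elem in root.iter():
        # Newer tomcat-users.xml files declare an XML namespace; strip it.
        tag = elem.tag.rsplit("}", 1)[-1]
        if tag != "user":
            continue
        # Tomcat accepts "username" or the older "name" attribute.
        username = elem.get("username") or elem.get("name") or ""
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        held = sorted(roles & MANAGER_ROLES)
        if held and username not in approved:
            findings.append((username, held))
    return findings


# Constructed sample; the account names are placeholders and not the
# account referred to in the advisory.
SAMPLE = """<tomcat-users>
  <role rolename="manager"/>
  <user username="ops-admin" password="REDACTED" roles="manager,admin"/>
  <user name="example-hidden" password="REDACTED" roles="manager"/>
  <user username="viewer" password="REDACTED" roles="tomcat"/>
</tomcat-users>
"""

if __name__ == "__main__":
    for user, roles in find_manager_accounts(SAMPLE, approved={"ops-admin"}):
        print(f"unexpected manager account: {user} roles={roles}")
```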

References

<http://www.zerodayinitiative.com/advisories/ZDI-09-085/>

Limitations

Exploit works on HP Operations Manager A.08.10 on Windows Server 2003 and Windows Server 2008.

Platforms

Windows
