Lucene search

[email protected]CVE-2009-3843

HistoryNov 24, 2009 - 12:30 a.m.

CVE-2009-3843

2009-11-2400:30:00

CWE-264

[email protected]

web.nvd.nist.gov

112

In Wild

operations manager

windows

xml

remote code execution

security vulnerability

cve-2009-3843

nvd

9.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.887 High

EPSS

Percentile

98.7%

JSON

HP Operations Manager 8.10 on Windows contains a “hidden account” in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.

CPENameOperatorVersion
hp:operations_managerhp operations managereq8.10

CPE	Name	Operator	Version
hp:operations_manager	hp operations manager	eq	8.10

References

marc.info/?l=bugtraq&m=125873415424980&w=2

secunia.com/advisories/37444

securitytracker.com/id?1023222

www.osvdb.org/60317

www.zerodayinitiative.com/advisories/ZDI-09-085/

exchange.xforce.ibmcloud.com/vulnerabilities/54361

9.4 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.887 High

EPSS

Percentile

98.7%

JSON

Related for CVE-2009-3843

saint4 securityvulns3 prion2 seebug1 zdi1 packetstorm2 attackerkb1 checkpoint_advisories1 cve1 zdt1 openvas2 kitploit3