Compaq Insight Agent acts as proxy

2001-01-09T00:00:00
ID OSVDB:787
Type osvdb
Reporter OSVDB
Modified 2001-01-09T00:00:00

Description

Vulnerability Description

The Compaq Web Management Agent (Insight Agent) can be used as an HTTP proxy, which lets an attacker 'tunnel' HTTP requests through the vulnerable host. This could potentially be used to bypass firewall or other network restrictions, or to mask the attacker's origins.

Technical Description

The Insight Agent runs on port 2301 of the host. Making a standard HTTP proxy request to the web service running on that host will determine if the vulnerability exists or not.

Solution Description

Due to the information leak associated with this service, we recommend that you disable the Compaq Management Agent or filter access to TCP port 2301 and 280. If this service is required, installing the appropriate upgrade from Compaq will fix this issue. The issue is referenced in Compaq security advisory SSRT0715.

Short Description

The Compaq Web Management Agent (Insight Agent) can be used as an HTTP proxy, which lets an attacker 'tunnel' HTTP requests through the vulnerable host. This could potentially be used to bypass firewall or other network restrictions, or to mask the attacker's origins.

References:

Vendor Specific Advisory URL Related OSVDB ID: 1958 Related OSVDB ID: 2070 Keyword: CIM SSRT0715 CVE-2001-0374