7 matches found
CVE-2009-3843
creationtimestamp| type| source ---|---|--- 2010-12-14 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/16317 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/tomcatmgrdeploy.rb 2018-05-29 15:50:33+00:00| seen|...
Apache Tomcat Manager Application Deployer Upload and Execute
$Id: tomcatmgrdeploy.rb 8552 2010-02-18 18:18:43Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framewor...
Unrestricted file upload
HP Operations Manager has a default password of OvWbusr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this...
CVE-2009-4189
HP Operations Manager has a default password of OvWbusr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this...
CVE-2009-3843
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make...
CVE-2009-3843
CVE-2009-3843 : The HP Operations Manager 8.10 on Windows is reported to contain a hidden Tomcat user account in an XML file. This enables a remote attacker to perform an unrestricted file upload via /manager/html/upload and execute arbitrary code. Connected sources reference Tomcat manager uploa...
HP Operations Manager 8.10 后门账号漏洞
BUGTRAQ ID: 37086 CVE ID: CVE-2009-3843 HP Operations Manager是用于协调IT基础架构中网络、最终用户体验事件的综合事件和性能管理控制台。 HP Operations Manager的Tomcat用户XML文件中存在隐藏的账号,恶意用户可以使用这个账号访问org.apache.catalina.manager.HTMLManagerServlet类,而这个servlet允许远程用户通过POST请求向/manager/html/upload上传文件。如果攻击者上传了恶意内容,之后就可以在服务器上访问并以SYSTEM用户权限执行任意代...