CVE-2009-3843
Summary
| CVE | CVE-2009-3843 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2009-11-24 00:30:00 UTC |
| Updated | 2017-08-17 01:31:00 UTC |
| Description | HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | HP | Operations Manager | 8.10 | All | windows | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 60317 | OSVDB | www.osvdb.org | |
| Zero Day Initiative | MISC | www.zerodayinitiative.com | |
| HP Operations Manager Undocumented Account - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| '[security bulletin] HPSBMA02478 SSRT090251 rev.1 - HP Operations Manager for Windows, Remote Unautho' - MARC | HP | marc.info | |
| SecurityTracker.com Archives - HP Operations Manager Hidden Account Lets Remote Users Access the System | SECTRACK | securitytracker.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.