HP Intelligent Management Center 'FaultDownloadServlet' Information Disclosure Vulnerability
BID:58675
Info
HP Intelligent Management Center 'FaultDownloadServlet' Information Disclosure Vulnerability
| Bugtraq ID: | 58675 |
| Class: | Design Error |
| CVE: |
CVE-2012-5202 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 07 2013 12:00AM |
| Updated: | Jun 12 2013 02:36PM |
| Credit: | Andrea Micalizzi aka rgod |
| Vulnerable: |
HP Intelligent Management Center User Access Manager (UAM) 5.0 |
| Not Vulnerable: | |
Discussion
HP Intelligent Management Center 'FaultDownloadServlet' Information Disclosure Vulnerability
HP Intelligent Management Center is prone to an information-disclosure vulnerability.
Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks.
Note: This issue was previously discussed in BID 58385 (Multiple HP Products Multiple Unspecified Remote Security Vulnerabilities), but has been given its own record to better document it.
HP Intelligent Management Center is prone to an information-disclosure vulnerability.
Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks.
Note: This issue was previously discussed in BID 58385 (Multiple HP Products Multiple Unspecified Remote Security Vulnerabilities), but has been given its own record to better document it.
Exploit / POC
HP Intelligent Management Center 'FaultDownloadServlet' Information Disclosure Vulnerability
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
HP Intelligent Management Center 'FaultDownloadServlet' Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
HP Intelligent Management Center 'FaultDownloadServlet' Information Disclosure Vulnerability
References:
References:
- HP Homepage (HP)