HP Intelligent Management Center 'IctDownloadServlet' Information Disclosure Vulnerability
BID:58676
Info
HP Intelligent Management Center 'IctDownloadServlet' Information Disclosure Vulnerability
| Bugtraq ID: | 58676 |
| Class: | Design Error |
| CVE: |
CVE-2012-5204 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 07 2013 12:00AM |
| Updated: | Jun 12 2013 02:36PM |
| Credit: | Andrea Micalizzi aka rgod |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
HP Intelligent Management Center 'IctDownloadServlet' Information Disclosure Vulnerability
HP Intelligent Management Center is prone to an information-disclosure vulnerability.
Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks.
Note: This issue was previously discussed in BID 58385 (Multiple HP Products Multiple Unspecified Remote Security Vulnerabilities), but has been given its own record to better document it.
The following product versions are affected:
HP Intelligent Management Center Enterprise Edition 5.1 E0202 and prior versions
HP Intelligent Management Center Standard Edition 5.1 E0202 and prior versions
HP Intelligent Management Center for Automated Network Manager 5.1 E0202 and prior versions
HP Intelligent Management Center is prone to an information-disclosure vulnerability.
Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks.
Note: This issue was previously discussed in BID 58385 (Multiple HP Products Multiple Unspecified Remote Security Vulnerabilities), but has been given its own record to better document it.
The following product versions are affected:
HP Intelligent Management Center Enterprise Edition 5.1 E0202 and prior versions
HP Intelligent Management Center Standard Edition 5.1 E0202 and prior versions
HP Intelligent Management Center for Automated Network Manager 5.1 E0202 and prior versions
Exploit / POC
HP Intelligent Management Center 'IctDownloadServlet' Information Disclosure Vulnerability
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
HP Intelligent Management Center 'IctDownloadServlet' Information Disclosure Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
HP Intelligent Management Center 'IctDownloadServlet' Information Disclosure Vulnerability
References:
References:
- HP Homepage (HP)