HP Intelligent Management Center 'RssServlet' Servlet Information Disclosure Vulnerability

Bugtraq ID:	58969
Class:	Design Error
CVE:	CVE-2012-5207
Remote:	Yes
Local:	No
Published:	Mar 07 2013 12:00AM
Updated:	Mar 07 2013 12:00AM
Credit:	Andrea Micalizzi aka rgod
Vulnerable:	HP Intelligent Management Center Standard Edition 5.1 E0202 HP Intelligent Management Center for Automated Network Manager 5.1 E0202 HP Intelligent Management Center Enterprise Edition 5.1 E0202
Not Vulnerable:	HP Intelligent Management Center Standard Edition for Windows 5.2_E0401 HP Intelligent Management Center Standard Edition for Linux 5.2_E0401 HP Intelligent Management Center Enterprise Edition for Windows 5.2_E0401 HP Intelligent Management Center Enterprise Edition for Linux 5.2_E0401 HP IMC for Automated Network Manager Enterprise Edition (Windows) 5.2_E0401 HP IMC for Automated Network Manager Enterprise Edition (Linux) 5.2_E0401

HP Intelligent Management Center 'RssServlet' Servlet Information Disclosure Vulnerability

HP Intelligent Management Center is prone to an information-disclosure vulnerability.

Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks.

Note: This issue was previously discussed in BID 58385 (Multiple HP Products Multiple Unspecified Remote Security Vulnerabilities), but has been given its own record to better document it.

The following product versions are affected:

HP Intelligent Management Center Enterprise Edition 5.1 E0202 and prior versions
HP Intelligent Management Center Standard Edition 5.1 E0202 and prior versions
HP Intelligent Management Center for Automated Network Manager 5.1 E0202 and prior versions

HP Intelligent Management Center 'RssServlet' Servlet Information Disclosure Vulnerability

Currently, we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].