BID:9859

HP HTTP Server Trusted Certificate Compromise Vulnerability

Info

HP HTTP Server Trusted Certificate Compromise Vulnerability

Bugtraq ID:	9859
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 12 2004 12:00AM
Updated:	Mar 12 2004 12:00AM
Credit:	Discovery is credited to Dave Aitel.
Vulnerable:	HP HTTP Server 5.92 + Compaq Web-Based Management Agent + HP Web-Enabled Management Software HP HTTP Server 5.0 + Compaq Web-Based Management Agent + HP Web-Enabled Management Software

Not Vulnerable:	HP HTTP Server 5.93 + Compaq Web-Based Management Agent + HP Web-Enabled Management Software

Discussion

HP HTTP Server Trusted Certificate Compromise Vulnerability

The HP HTTP Server included with HP Web-Enabled Management Software (Compaq Web Management) allows users to upload client-side certificates that will authenticate them against the service. This vulnerability only exists if the Anonymous Access option is enabled. This option is not enabled by default.

This vulnerability is reported to exist on HP HTTP Server versions 5.0 through 5.92.

Exploit / POC

HP HTTP Server Trusted Certificate Compromise Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

HP HTTP Server Trusted Certificate Compromise Vulnerability

Solution:
HP has released a fix for this issue:

HP HTTP Server 5.0

HP SP25747.exe
http://h18023.www1.hp.com/support/files/Server/us/download/20197.html

HP HTTP Server 5.92

HP SP25747.exe
http://h18023.www1.hp.com/support/files/Server/us/download/20197.html

References

HP HTTP Server Trusted Certificate Compromise Vulnerability

References:

Compaq Web Management (HP HTTP) (Immunity, Inc)