Update Protection against HP Operations Manager Server Unauthorized File Upload Vulnerability
| Check Point Reference: | CPAI-2009-312 | |
| Date Published: | ||
| Severity: | ||
| Last Updated: | ||
| Source: | Secunia Advisory: 37444 | |
| Industry Reference(s): | CVE-2009-3843 CVE-2009-3548 CVE-2009-4189 |
|
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? HP Operations Manager for Windows 8.10 | ||
| Vulnerability Description An unauthorized file upload vulnerability exists in HP Operations Manager, a consolidated event and performance management console that correlates infrastructure, network and end-user experience events across an IT infrastructure.The vulnerability is due to insufficient access control within the Apache Tomcat Manager component. A remote attacker can trigger the vulnerability by sending a crafted HTTP request to /manager/html/upload and once authenticated, upload a malicious web application to a vulnerable system. |
||
|
Update/Patch Available HP has released an advisory addressing this vulnerability: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01931960 |
|
|
Vulnerability Details The vulnerability is due to insufficient access control within the Apache Tomcat Manager Component. |
Protection Overview
This protection will detect and block attempts to access the HP operations manager file upload area using default credentials.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.