Update Protection against HP Intelligent Management Center Database Credentials Information Disclosure Vulnerability
| Check Point Reference: | CPAI-2010-223 | |
| Date Published: | ||
| Severity: | ||
| Source: | Secunia Advisory: SA39891 | |
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? HP Intelligent Management Center prior to 3.3 SP2 (R2606P13) | ||
| Vulnerability Description A policy bypass vulnerability has been reported in in HP Intelligent Management Center (IMC). HP 3Com IMC is a modular management system designed to integrate the management of devices, services and users. A remote unauthenticated attacker could exploit this issue to retrieve database credentials setup for the affected application. |
||
|
Update/Patch Available Apply patch: Intelligent Management Center v3.3 SP2 (R2606P13) |
|
|
Vulnerability Details The vulnerability is due to insufficient access control for configuration files containing database credentials. A remote attacker may exploit this issue via a specially crafted HTTP request, to retrieve database credentials setup for the affected application. Successful exploitation of this vulnerability will allow the attacker gain read/write access to the application's database content. |
Protection Overview
This protection will detect and block crafted HTTP requests sent to the vulnerable system.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab, and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.