Preemptive Protection against HP Performance Manager Apache Tomcat Policy Bypass
| Check Point Reference: | CPAI-2010-134 | |
| Date Published: | ||
| Preemptive Since: | ||
| Severity: | ||
| Source: | Secunia Advisory SA39847 | |
| Industry Reference(s): | CVE-2009-3548 | |
| Protection Provided by: |
IPS-1
|
|
| Who is Vulnerable? HP Performance Manager 8.10 | ||
| Vulnerability Description A vulnerability exists in HP Performance Manager, a web-based analysis and visualization tool that analyzes performance trends of applications, systems, and services. HP Performance Manager incorporates Apache Tomcat 5 to help serve custom web applications. The vulnerability is due to insufficient access control within the Apache Tomcat Manager component. A remote attacker can leverage this vulnerability by sending a crafted HTTP request using a set of default credentials. Once authenticated, the attacker can upload a malicious web application to a vulnerable system. |
||
|
Update/Patch Available Vendor advisory |
|
|
Vulnerability Details The vulnerability is due to insufficient access control within the Apache Tomcat Manager component. |
Protection Overview
IPS-1 has been preemptive against this vulnerability since February of 2002. IPS-1 detects and blocks attempts to authentication using any of a number of user-configurable bad usernames.
To configure the defense, select your product from the list below and follow the related protection steps.