[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[VulnWatch] Immunity Advisory: Compaq Web Management vulnerability

To: vulnwatch@xxxxxxxxxxxxx
Subject: [VulnWatch] Immunity Advisory: Compaq Web Management vulnerability
From: Chris Wysopal <weld@xxxxxxxxxxxxx>
Date: Fri, 12 Mar 2004 16:48:02 -0500 (EST)

Excerpt:

Remote, unauthenticated certificate upload in Compaq Web Management (HP
HTTP) Compaq Web Management includes a number of daemons, which listen on
a number of TCP ports, and also to SNMP requests. On port 2381, an SSL
HTTP server runs. If the system is configured to let anonymous users
browse it, a common configuration, then a bug in the validation system
allows users to upload their own certificates to be trusted by the client
system. This would then allow that machine to be administered remotely via
such mechanisms as Secure Task Execution.

Full Advisory:

http://www.immunitysec.com/downloads/hp_http.sxw.pdf

Prev by Date: [VulnWatch] With regards to the Adobe Acrobat Reader advisory (#NISR03022004)
Next by Date: [VulnWatch] Immunity Advisory: Computer Associates Unicenter TNG
Previous by thread: [VulnWatch] With regards to the Adobe Acrobat Reader advisory (#NISR03022004)
Next by thread: [VulnWatch] Immunity Advisory: Computer Associates Unicenter TNG
Index(es):
- Date
- Thread