| VID |
12048 |
| Severity |
40 |
| Port |
2301 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Compaq Insight Manager HTTP Server contains a format string vulnerability. Compaq Insight Manager is a software package that provides Web-based management functionality for Compaq servers. The Compaq Web Based Management Agent for Servers provides device information for all managed subsystems and alerts for SNMP traps. Compaq Insight Manager versions 5.00 H and prior are vulnerable to a format string attack. By sending a specially crafted HTTP GET DebugSearchPaths request containing format strings, a remote attacker could execute arbitrary code on the affected system with LocalSystem privileges.
* Note: This check may crash the Compaq Insight Manager HTTP Server. If it does, the service must be restarted to regain normal functionality.
* References:
  * http://www.securiteam.com/windowsntfocus/5HP0J00AUU.html
  * http://archives.neohapsis.com/archives/fulldisclosure/2003-q3/1373.html
* Platforms Affected: Compaq Insight Manager 5.00 H and prior; Windows (any version) |
| Recommendation |
No patch or upgrade available as of June 2014.
As a workaround, disable the Web-Enabled Agent. For instructions, refer to "Disabling the Web-Enabled Agents" in the documentation at http://h18013.www1.hp.com/products/servers/management/security.html |
| Related URL |
(CVE) |
| Related URL |
8336 (SecurityFocus) |
| Related URL |
12823 (ISS) |
|