| VID |
29074 |
| Severity |
30 |
| Port |
2301 |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Compaq Web-Based Management Agent has multiple remote vulnerabilities
The Compaq Web Based Management Agent for Servers provides device information for all managed subsystems and alerts for SNMP traps. Several vulnerabilities exists in the agent. By exploiting these vulnerabilities, a remote attacker can determine if a specified file on the system exists or not. A remote attacker can also cause the service to crash.
A remote attacker can request the following type of URL to determine whether a specified file exists on the server:
http://[target]:2301/<!.DebugSearchPaths>?Url=%2F..%2F..%2F..%2F..%2Fboot.ini
Several URLs can trigger a stack overflow. But it was not indicate whether these overflows could result in arbitrary code execution. The URLs include:
http://[target]:2301/<!.StringRedirecturl>
http://[target]:2301/<!>
http://[target]:2301/survey/<!>
http://[target]:2301/<!.StringHttpRequest=Url>
http://[target]:2301/survey/<!.StringHttpRequest=Url>
http://[target]:2301/<!.St ringIsapiECB=lpszPathInfo>
http://[target]:2301/<!.ObjectIsapiECB>
A buffer overflow can also be triggered with the following HTTP request:
GET /<!.FunctionContentType=(About 250 AAAAA:s)> HTTP/1.0
A remote attacker can also view a 'TAG' list by requesting the following URL:
http://[target]:2301/<!.TableDisplayTags>
The above listed URLs can be used via the HTTPS port (tcp 2381), as well.
* References:
http://www.securiteam.com/securitynews/5CP0S15AAC.html
http://www.securitytracker.com/alerts/2003/Apr/1006453.html
* Platforms Affected:
Compaq Insight Manager Any version
Microsoft Windows Any version |
| Recommendation |
No patch or upgrade available as of June 2014.
As a workaround, disable the Web-Enabled Agent. For how to disable the Web-Enabled Agent, refer to documentation in the "Disabling the Web-Enabled Agents" at http://h18000.www1.hp.com/products/servers/management/agentsecurity.html |
| Related URL |
(CVE) |
| Related URL |
8009,8014,8015,8019 (SecurityFocus) |
| Related URL |
12426,11736,11737,11738,12660 (ISS) |
|
