Lucene search
SAINT CorporationSAINT:94DD62E7D4C2602EDF0704F85789EDD0HistoryJun 18, 2010 - 12:00 a.m.
HP Operations Manager hidden Tomcat account
2010-06-1800:00:00
SAINT Corporation
download.saintcorporation.com
93
EPSS
0.863
Percentile
98.6%
Added: 06/18/2010
CVE: CVE-2009-3843
BID: 37086
OSVDB: 60317
Background
HP Operations Manager is a consolidated event and performance management console that correlates infrastructure, network and end-user experience events across an IT infrastructure.
Problem
A hidden Apache Tomcat account allows remote attackers to use the org.apache.catalina.manager.HTMLManagerServlet class to upload arbitrary files, leading to arbitrary code execution.
Resolution
Apply the patch referenced in HPSBMA02478 SSRT090251.
References
<http://www.zerodayinitiative.com/advisories/ZDI-09-085/>
Limitations
Exploit works on HP Operations Manager A.08.10 on Windows Server 2003 and Windows Server 2008.
Platforms
Windows
Related
saint
saint
HP Operations Manager hidden Tomcat account
2010-06-18 00:00:00
HP Operations Manager hidden Tomcat account
2010-06-18 00:00:00
HP Operations Manager hidden Tomcat account
2010-06-18 00:00:00
securityvulns
securityvulns
HP Operations Manager backdoor account
2009-11-23 00:00:00
cve
cve
CVE-2009-3843
2009-11-24 00:30:00
CVE-2009-4189
2009-12-03 17:30:02
attackerkb
attackerkb
CVE-2009-3843
2009-11-24 00:00:00
nvd
nvd
CVE-2009-3843
2009-11-24 00:30:00
CVE-2009-4189
2009-12-03 17:30:02
cvelist
cvelist
CVE-2009-3843
2009-11-24 00:00:00
CVE-2009-4189
2009-12-03 17:00:00
prion
prion
Unrestricted file upload
2009-11-24 00:30:00
Unrestricted file upload
2009-12-03 17:30:00
zdi
zdi
packetstorm
packetstorm
Apache Tomcat Manager Application Deployer Upload and Execute
2010-02-19 00:00:00
Apache Tomcat Manager Code Execution
2014-02-01 00:00:00
seebug
seebug
HP Operations Manager 8.10 ćéšèŽŠć·æŒæŽ
2009-11-24 00:00:00
checkpoint_advisories
checkpoint_advisories
metasploit
metasploit
Apache Tomcat Manager Application Deployer Authenticated Code Execution
2013-01-31 05:23:41
Apache Tomcat Manager Authenticated Upload Code Execution
2014-01-30 20:03:52
Tomcat Application Manager Login Utility
2013-10-21 20:13:46
exploitdb
exploitdb
zdt
zdt
Apache Tomcat Manager Code Execution Exploit
2014-02-04 00:00:00
openvas
openvas
kitploit
kitploit
Sn1per v5.0 - Automated Pentest Recon Scanner
2018-07-05 13:45:00
Sn1per v6.0 - Automated Pentest Framework For Offensive Security Experts
2018-11-24 12:43:00
Sn1per v7.0 - Automated Pentest Framework For Offensive Security Experts
2019-05-12 13:09:00