Immunity Advisory: Compaq Web Management vulnerability

[Chris Wysopal <weld () vulnwatch org>]

Excerpt:

Remote, unauthenticated certificate upload in Compaq Web Management (HP
HTTP) Compaq Web Management includes a number of daemons, which listen on
a number of TCP ports, and also to SNMP requests. On port 2381, an SSL
HTTP server runs. If the system is configured to let anonymous users
browse it, a common configuration, then a bug in the validation system
allows users to upload their own certificates to be trusted by the client
system. This would then allow that machine to be administered remotely via
such mechanisms as Secure Task Execution.

Full Advisory:

http://www.immunitysec.com/downloads/hp_http.sxw.pdf