Vulnwatch mailing list archives
Immunity Advisory: Compaq Web Management vulnerability
From: Chris Wysopal <weld () vulnwatch org>
Date: Fri, 12 Mar 2004 16:48:02 -0500 (EST)
Excerpt:

Remote, unauthenticated certificate upload in Compaq Web Management (HP HTTP)

Compaq Web Management includes a number of daemons, which listen on a number of TCP ports, and also to SNMP requests. On port 2381, an SSL HTTP server runs. If the system is configured to let anonymous users browse it, a common configuration, then a bug in the validation system allows users to upload their own certificates to be trusted by the client system. This would then allow that machine to be administered remotely via such mechanisms as Secure Task Execution.

Full Advisory: http://www.immunitysec.com/downloads/hp_http.sxw.pdf