CVE-2009-3843
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
24/11/2009
Last modified:
09/04/2025
Description
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
Impact
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:hp:operations_manager:8.10:*:windows:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://marc.info/?l=bugtraq&m=125873415424980&w=2
- http://marc.info/?l=bugtraq&m=125873415424980&w=2
- http://secunia.com/advisories/37444
- http://securitytracker.com/id?1023222=
- http://www.osvdb.org/60317
- http://www.zerodayinitiative.com/advisories/ZDI-09-085/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54361
- http://marc.info/?l=bugtraq&m=125873415424980&w=2
- http://marc.info/?l=bugtraq&m=125873415424980&w=2
- http://secunia.com/advisories/37444
- http://securitytracker.com/id?1023222=
- http://www.osvdb.org/60317
- http://www.zerodayinitiative.com/advisories/ZDI-09-085/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/54361