CyberSec.Space Logo
CVEブラウザに戻る

CVE-2009-3843

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1490%
EPSS Percentile5.38th
Published2009年11月24日
Last Modified2026年4月23日

Vulnerability Description

HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.

Affected Platforms (CPE)

📦
Hp

Operations Manager

= 8.10

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=125873415424980&w=2
🔗 http://secunia.com/advisories/37444
🔗 http://securitytracker.com/id?1023222
🔗 http://www.osvdb.org/60317
🔗 http://www.zerodayinitiative.com/advisories/ZDI-09-085/
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/54361
🔗 http://marc.info/?l=bugtraq&m=125873415424980&w=2
🔗 http://secunia.com/advisories/37444

関連する脆弱性情報

CVE-2021-3189110.0

A vulnerability has been identified in Desigo CC (All versions with OIS Extension Module), GMA-Manager (All versions with OIS runn...

CVE-2020-941110.0

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerabilit...

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...

CVE-2007-323210.0

The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, an...