Signature Detail
Short Name |
APP:HPOV:INT-MGMT-CTR-INFO-DIS |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
HP Intelligent Management Center Database Credentials Information Disclosure |
Release Date |
2010/10/06 |
Update Number |
1786 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
APP: HP Intelligent Management Center Database Credentials Information Disclosure
This signature detects attempts to exploit a known vulnerability in HP Intelligent Management Center Database. A successful attack can result in disclosure of the server's administrator credentials, leading to arbitrary code execution.
Extended Description
3Com Intelligent Management Center is prone to multiple directory-traversal, cross-site scripting, and information-disclosure vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to traverse through arbitrary directories and gain access to sensitive information, view local files in the context of the webserver process, and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. 3Com Intelligent Management Center 3.3 SP1 and 3.3.9 are vulnerable; other versions may also be affected.
Affected Products
- 3Com Intelligent Management Center (IMC) 3.3.9 R2 606
- 3Com Intelligent Management Center (IMC) 3.3 SP1 R2 606
References