Check Point Advisories

Preemptive Protection against HP Performance Manager Apache Tomcat Policy Bypass

Check Point Reference: CPAI-2010-134
Date Published: 25 Jun 2010
Severity: Critical
Last Updated: Friday 01 January, 2010
Source: Secunia Advisory SA39847
Industry Reference:CVE-2009-3548
Protection Provided by:
Who is Vulnerable? HP Performance Manager 8.10
Vulnerability Description A vulnerability exists in HP Performance Manager, a web-based analysis and visualization tool that analyzes performance trends of applications, systems, and services. HP Performance Manager incorporates Apache Tomcat 5 to help serve custom web applications. The vulnerability is due to insufficient access control within the Apache Tomcat Manager component. A remote attacker can leverage this vulnerability by sending a crafted HTTP request using a set of default credentials. Once authenticated, the attacker can upload a malicious web application to a vulnerable system.
Update/Patch AvaliableVendor advisory
Vulnerability DetailsThe vulnerability is due to insufficient access control within the Apache Tomcat Manager component.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK