CVE-2009-3843

Published: Nov 24, 2009Modified: Apr 23, 2026

10.0

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 10.0 / Impact: 10.0

Source: NVD

Description

HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.

Affected (1)

Products: Hp: Operations Manager

1 product

Operations Manager

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Hp Operations Manager	Version 8.10

Related CWEs

References (12)

http://marc.info/?l=bugtraq&m=125873415424980&w=2

Source: hp-security-alert@hp.com

http://secunia.com/advisories/37444

Source: hp-security-alert@hp.com

Vendor Advisory

http://securitytracker.com/id?1023222

Source: hp-security-alert@hp.com

http://www.osvdb.org/60317

Source: hp-security-alert@hp.com

http://www.zerodayinitiative.com/advisories/ZDI-09-085/

Source: hp-security-alert@hp.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/54361

Source: hp-security-alert@hp.com

http://marc.info/?l=bugtraq&m=125873415424980&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/37444

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://securitytracker.com/id?1023222

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.osvdb.org/60317

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.zerodayinitiative.com/advisories/ZDI-09-085/

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/54361

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.