HP Operations Manager hidden Tomcat account

Added: 06/18/2010
CVE: CVE-2009-3843
BID: 37086
OSVDB: 60317

Background

HP Operations Manager is a consolidated event and performance management console that correlates infrastructure, network and end-user experience events across an IT infrastructure.

Problem

A hidden Apache Tomcat account allows remote attackers to use the org.apache.catalina.manager.HTMLManagerServlet class to upload arbitrary files, leading to arbitrary code execution.

Resolution

Apply the patch referenced in HPSBMA02478 SSRT090251.

References

http://www.zerodayinitiative.com/advisories/ZDI-09-085/

Limitations

Exploit works on HP Operations Manager A.08.10 on Windows Server 2003 and Windows Server 2008.

Platforms

Windows

Back to exploit index