APP: HP ProCurve Manager SNAC GetDomainControllerServlet Policy Bypass

This signature detects attempts to exploit a known vulnerability against HP ProCurve Manager SNAC. A successful attack can lead to authentication bypass.

Extended Description

UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.

Affected Products

Hp procurve_manager

References

BugTraq: 62349

CVE: CVE-2013-4811

Short Name
APP:HP-PROCURVE-BYPASS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Bypass CVE-2013-4811 GetDomainControllerServlet HP Manager Policy ProCurve SNAC bid:62349
Release Date
10/07/2013
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Hp

CVSS Score

10.0

Found a potential security threat?