APP: HP Intelligent Management Center Database Credentials Information Disclosure

This signature detects attempts to exploit a known vulnerability in HP Intelligent Management Center Database. A successful attack can result in disclosure of the server's administrator credentials, leading to arbitrary code execution.

Extended Description

3Com Intelligent Management Center is prone to multiple directory-traversal, cross-site scripting, and information-disclosure vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these issues will allow an attacker to traverse through arbitrary directories and gain access to sensitive information, view local files in the context of the webserver process, and execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. 3Com Intelligent Management Center 3.3 SP1 and 3.3.9 are vulnerable; other versions may also be affected.

Affected Products

3com intelligent_management_center_(imc)

Short Name
APP:HPOV:INT-MGMT-CTR-INFO-DIS
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Center Credentials Database Disclosure HP Information Intelligent Management bid:40298
Release Date
10/06/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

3com

Found a potential security threat?