APP: HP Universal CMDB Server Axis2 Default Credentials Remote Code Execution
This signature detects attempts to exploit a known vulnerability in HP Universal CMDB Server. The vulnerability is due to an authentication weakness in the product's configuration. When the software is installed, default credentials are assigned to the Axis2 web services component. A remote attacker can leverage this vulnerability to upload a malicious web service to a target system, enabling arbitrary code execution within the security context of an Axis2 web service.
Extended Description
Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104.
Affected Products
Hp universal_configuration_management_database
References
BugTraq: 68363
CVE: CVE-2014-2617
URL: http://retrogod.altervista.org/9sg_ca_d2d.html http://www.rapid7.com/security-center/advisories/R7-0037.jsp http://spl0it.org/files/talks/source_barcelona10/Hacking%20SAP%20BusinessObjects.pdf http://www.zerodayinitiative.com/advisories/zdi-14-230/ https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c04357076
Short Name
APP:UNIVERSAL-CMDB-AXIS2-RCE
Severity
Major
Recommended
False
Recommended Action
Drop
Category
APP
Keywords
Axis2 CMDB CVE-2010-0219 CVE-2014-2617 Code Credentials Default Execution HP Remote Server Universal bid:68363
Release Date
07/21/2011
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Hp
CVSS Score
10.0