Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
10
CVSSv2

CVE-2009-3843

Published: 24/11/2009 Updated: 17/08/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Operations Manager

Vulnerability Summary

HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote malicious users to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

hp operations manager 8.10

Exploits

Exploit DB: Apache Tomcat Manager - Application Deployer (Authenticated) Code Execution (Metasploit)
## # $Id: tomcat_mgr_deployrb 11330 2010-12-14 17:26:44Z egypt $ ## ## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions Please see the Metasploit # Framework web site for more information on licensing and terms of use # metasploitcom/framework/ ## require 'msf/core' cla ...

Github Repositories

https://github.com/RootUp/AutoSploit

Autosploit = Automating Metasploit Modules.

Autosploit = Automating Metasploit Modules Execute MSF Modules on a target machine MS08_067 MS17_010 MS03_026 MS12_020 MS10_061 MS09_050 MS06_040 MS05_039 MS12_020 OSVDB-73573 CVE-2017-5689 CVE-2012-1823 CVE-2006-2369 CVE-2009-3843 SMB Session Pipe Auditor Gathering GPP Saved Passwords Checks for multiple auxiliary modules Execute MSF Modules on a target machine if applicati

https://github.com/krishpranav/autosploit

A simple ruby tool to automate metasploit modules

autosploit A simple ruby tool to automate metasploit modules Installation git clone githubcom/krishpranav/autosploit cd autosploit bash autosploitsh Execute MSF Modules on a target machine MS08_067 MS17_010 MS03_026 MS12_020 MS10_061 MS09_050 MS06_040 MS05_039 MS12_020 OSVDB-73573 CVE-2017-5689 CVE-2012-1823 CVE-2006-2369 CVE-

References

CWE-264http://marc.info/?l=bugtraq&m=125873415424980&w=2http://www.osvdb.org/60317http://secunia.com/advisories/37444http://www.zerodayinitiative.com/advisories/ZDI-09-085/http://securitytracker.com/id?1023222https://exchange.xforce.ibmcloud.com/vulnerabilities/54361https://nvd.nist.govhttps://github.com/RootUp/AutoSploithttps://www.exploit-db.com/exploits/16317/
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook