Vulnerabilities > CVE-2001-0374 - Security Bypass vulnerability in Web-Enabled Management
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The HTTP server in Compaq web-enabled management software for (1) Foundation Agents, (2) Survey, (3) Power Manager, (4) Availability Agents, (5) Intelligent Cluster Administrator, and (6) Insight Manager can be used as a generic proxy server, which allows remote attackers to bypass access restrictions via the management port, 2301.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Web Servers |
| NASL id | DDI_COMPAQ_MGMT_PROXY.NASL |
| description | The remote Compaq Web Management Agent install can be used as an HTTP proxy. An attacker can use this to bypass firewall rules or hide the source of web-based attacks. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10963 |
| published | 2002-05-22 |
| reporter | This script is Copyright (C) 2002-2018 Digital Defense Inc. |
| source | https://www.tenable.com/plugins/nessus/10963 |
| title | Compaq Web-enabled Management Software HTTP Server Arbitrary Traffic Proxy |