Vulnerabilities > CVE-2009-4188 - Credentials Management vulnerability in HP Operations Dashboard
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
description HP Operations Dashboard 2.1 Portal Default Manager Account Remote Security Vulnerability. CVE-2009-4188. Remote exploits for multiple platform id EDB-ID:33211 last seen 2016-02-03 modified 2009-09-03 published 2009-09-03 reporter Intevydis source https://www.exploit-db.com/download/33211/ title HP Operations Dashboard 2.1 Portal Default Manager Account Remote Security Vulnerability description Apache Tomcat Manager Application Deployer Authenticated Code Execution. CVE-2009-3548,CVE-2009-3843,CVE-2009-4188,CVE-2009-4189,CVE-2010-0557,CVE-2010-4094.... id EDB-ID:16317 last seen 2016-02-01 modified 2010-12-14 published 2010-12-14 reporter metasploit source https://www.exploit-db.com/download/16317/ title Apache Tomcat Manager Application Deployer Authenticated Code Execution
Metasploit
description This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a POST request against the /manager/html/upload component. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads. id MSF:EXPLOIT/MULTI/HTTP/TOMCAT_MGR_UPLOAD last seen 2020-06-10 modified 2018-08-20 published 2014-01-27 references - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3843
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4189
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4188
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0557
- http://www-01.ibm.com/support/docview.wss?uid=swg21419179
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4094
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548
- http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html
reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/tomcat_mgr_upload.rb title Apache Tomcat Manager Authenticated Upload Code Execution description This module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass. id MSF:AUXILIARY/SCANNER/HTTP/TOMCAT_MGR_LOGIN last seen 2019-11-17 modified 2019-06-27 published 2013-05-29 references - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3843
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4189
- http://www.harmonysecurity.com/blog/2009/11/hp-operations-manager-backdoor-account.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4188
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0557
- http://www-01.ibm.com/support/docview.wss?uid=swg21419179
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4094
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548
- http://tomcat.apache.org/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0502
reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/tomcat_mgr_login.rb title Tomcat Application Manager Login Utility description This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request. The manager application can also be abused using /manager/html/upload, but that method is not implemented in this module. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads. id MSF:EXPLOIT/MULTI/HTTP/TOMCAT_MGR_DEPLOY last seen 2020-05-21 modified 2018-08-20 published 2013-01-07 references - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3843
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4189
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4188
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0557
- http://www-01.ibm.com/support/docview.wss?uid=swg21419179
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4094
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548
- http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html
reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/tomcat_mgr_deploy.rb title Apache Tomcat Manager Application Deployer Authenticated Code Execution
Packetstorm
| data source | https://packetstormsecurity.com/files/download/125021/tomcat_mgr_upload.rb.txt |
| id | PACKETSTORM:125021 |
| last seen | 2016-12-05 |
| published | 2014-02-01 |
| reporter | rangercha |
| source | https://packetstormsecurity.com/files/125021/Apache-Tomcat-Manager-Code-Execution.html |
| title | Apache Tomcat Manager Code Execution |