Vulnerabilities > CVE-2009-4189 - Credentials Management vulnerability in HP Operations Manager
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Exploit-Db
| description | Apache Tomcat Manager Application Deployer Authenticated Code Execution. CVE-2009-3548,CVE-2009-3843,CVE-2009-4188,CVE-2009-4189,CVE-2010-0557,CVE-2010-4094.... |
| id | EDB-ID:16317 |
| last seen | 2016-02-01 |
| modified | 2010-12-14 |
| published | 2010-12-14 |
| reporter | metasploit |
| source | https://www.exploit-db.com/download/16317/ |
| title | Apache Tomcat Manager Application Deployer Authenticated Code Execution |
Metasploit
description This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a POST request against the /manager/html/upload component. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads. id MSF:EXPLOIT/MULTI/HTTP/TOMCAT_MGR_UPLOAD last seen 2020-06-10 modified 2018-08-20 published 2014-01-27 references - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3843
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4189
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4188
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0557
- http://www-01.ibm.com/support/docview.wss?uid=swg21419179
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4094
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548
- http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html
reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/tomcat_mgr_upload.rb title Apache Tomcat Manager Authenticated Upload Code Execution description This module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass. id MSF:AUXILIARY/SCANNER/HTTP/TOMCAT_MGR_LOGIN last seen 2019-11-17 modified 2019-06-27 published 2013-05-29 references - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3843
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4189
- http://www.harmonysecurity.com/blog/2009/11/hp-operations-manager-backdoor-account.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4188
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0557
- http://www-01.ibm.com/support/docview.wss?uid=swg21419179
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4094
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548
- http://tomcat.apache.org/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0502
reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/auxiliary/scanner/http/tomcat_mgr_login.rb title Tomcat Application Manager Login Utility description This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request. The manager application can also be abused using /manager/html/upload, but that method is not implemented in this module. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads. id MSF:EXPLOIT/MULTI/HTTP/TOMCAT_MGR_DEPLOY last seen 2020-05-21 modified 2018-08-20 published 2013-01-07 references - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3843
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4189
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4188
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0557
- http://www-01.ibm.com/support/docview.wss?uid=swg21419179
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4094
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3548
- http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html
reporter Rapid7 source https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/multi/http/tomcat_mgr_deploy.rb title Apache Tomcat Manager Application Deployer Authenticated Code Execution
Packetstorm
| data source | https://packetstormsecurity.com/files/download/125021/tomcat_mgr_upload.rb.txt |
| id | PACKETSTORM:125021 |
| last seen | 2016-12-05 |
| published | 2014-02-01 |
| reporter | rangercha |
| source | https://packetstormsecurity.com/files/125021/Apache-Tomcat-Manager-Code-Execution.html |
| title | Apache Tomcat Manager Code Execution |