Sign-up

ID

VAR-200912-0129


CVE

CVE-2009-4189


TITLE

HP Operations Manager Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2009-005174

DESCRIPTION

HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843. Operations Manager is prone to a file-upload vulnerability

Trust: 1.98

sources: NVD: CVE-2009-4189 // JVNDB: JVNDB-2009-005174 // BID: 79264 // VULMON: CVE-2009-4189

AFFECTED PRODUCTS

vendor:hpmodel:operations managerscope:eqversion:*

Trust: 1.0

vendor:hewlett packardmodel:hp operations managerscope: - version: -

Trust: 0.8

vendor:hpmodel:operations managerscope: - version: -

Trust: 0.6

vendor:hpmodel:operations managerscope:eqversion:0

Trust: 0.3

sources: BID: 79264 // JVNDB: JVNDB-2009-005174 // CNNVD: CNNVD-200912-049 // NVD: CVE-2009-4189

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2009-4189
value: HIGH

Trust: 1.8

CNNVD: CNNVD-200912-049
value: CRITICAL

Trust: 0.6

VULMON: CVE-2009-4189
value: HIGH

Trust: 0.1

VULMON: CVE-2009-4189
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2009-4189 // JVNDB: JVNDB-2009-005174 // CNNVD: CNNVD-200912-049 // NVD: CVE-2009-4189

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.8

sources: JVNDB: JVNDB-2009-005174 // NVD: CVE-2009-4189

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200912-049

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-200912-049

CONFIGURATIONS

sources:
            
            
            NVD: CVE-2009-4189

EXPLOIT AVAILABILITY
sources:
            
            
            VULMON: CVE-2009-4189

PATCH
title:Operations Managerurl:http://www8.hp.com/us/en/software-solutions/software.html?compuri=1170678#.t-6gvxc0o80
Trust: 0.8
title:metasploitable3url:https://github.com/acic-africa/metasploitable3 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2009-4189 // 
            
            
            
            JVNDB: JVNDB-2009-005174

EXTERNAL IDS
db:NVDid:CVE-2009-4189
Trust: 2.8
db:JVNDBid:JVNDB-2009-005174
Trust: 0.8
db:CNNVDid:CNNVD-200912-049
Trust: 0.6
db:BIDid:79264
Trust: 0.4
db:EXPLOIT-DBid:16317
Trust: 0.1
db:VULMONid:CVE-2009-4189
Trust: 0.1
sources:
            
            
            VULMON: CVE-2009-4189 // 
            
            
            
            BID: 79264 // 
            
            
            
            JVNDB: JVNDB-2009-005174 // 
            
            
            
            CNNVD: CNNVD-200912-049 // 
            
            
            
            NVD: CVE-2009-4189

REFERENCES
url:http://www.intevydis.com/blog/?p=87
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-4189
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-4189
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/255.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://www.securityfocus.com/bid/79264
Trust: 0.1
url:https://github.com/acic-africa/metasploitable3
Trust: 0.1
url:https://www.exploit-db.com/exploits/16317/
Trust: 0.1
sources:
            
            
            VULMON: CVE-2009-4189 // 
            
            
            
            BID: 79264 // 
            
            
            
            JVNDB: JVNDB-2009-005174 // 
            
            
            
            CNNVD: CNNVD-200912-049 // 
            
            
            
            NVD: CVE-2009-4189

CREDITS
Unknown
Trust: 0.3
sources:
            
            
            BID: 79264

SOURCES
db:VULMONid:CVE-2009-4189
db:BIDid:79264
db:JVNDBid:JVNDB-2009-005174
db:CNNVDid:CNNVD-200912-049
db:NVDid:CVE-2009-4189

LAST UPDATE DATE
2022-05-04T08:58:44.461000+00:00

SOURCES UPDATE DATE
db:VULMONid:CVE-2009-4189date:2009-12-04T00:00:00
db:BIDid:79264date:2009-12-03T00:00:00
db:JVNDBid:JVNDB-2009-005174date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200912-049date:2009-12-04T00:00:00
db:NVDid:CVE-2009-4189date:2009-12-04T05:00:00

SOURCES RELEASE DATE
db:VULMONid:CVE-2009-4189date:2009-12-03T00:00:00
db:BIDid:79264date:2009-12-03T00:00:00
db:JVNDBid:JVNDB-2009-005174date:2012-09-25T00:00:00
db:CNNVDid:CNNVD-200912-049date:2009-12-03T00:00:00
db:NVDid:CVE-2009-4189date:2009-12-03T17:30:00