This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a directory traversal vulnerability in HP Intelligent Management Center which could result in information disclosure.
HP Intelligent Management Center is a network management application.
HP Intelligent Management Center is prone to an information-disclosure vulnerability. Specifically, this issue occurs because the 'IctDownloadServlet' servlet allows for the disclosure of files readable by SYSTEM. Attackers can exploit this issue to disclose administrative credentials and that may possibly aid in remote code execution.
Remote attackers can exploit this issue to gain access to sensitive information that may aid in further attacks.
Note: This issue was previously discussed in BID 58385 (Multiple HP Products Multiple Unspecified Remote Security Vulnerabilities), but has been given its own record to better document it.
The following product versions are affected:
HP Intelligent Management Center Enterprise Edition 5.1 E0202 and prior versions
HP Intelligent Management Center Standard Edition 5.1 E0202 and prior versions
HP Intelligent Management Center for Automated Network Manager 5.1 E0202 and prior versions
- HP Intelligent Management Center