1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: HP ProCurve Manager CVE-2013-4811

Web Attack: HP ProCurve Manager CVE-2013-4811

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts of leveraging a path traversal vulnerability in the HP ProvCurve Manager SNAC which could lead to system compromise.

Additional Information

Procurve Manager (PCM) is a software for network management. Identity Driven Manager (IDM) is a plug-in to HP PCM+.

Multiple HP products are prone to a remote code-execution vulnerability that exist in the 'UpdateDomainControllerServlet' servlet. Specifically, this issue occurs because it fails to properly sanitize the 'adCert' argument. An attacker can exploit this issue to upload a specially crafted '.jsp' file.

Successfully exploiting this issue may allow an attacker to execute arbitrary code with SYSTEM privileges. Failed exploit attempts may result in a denial-of-service condition.

Note: This issue was previously discussed in BID 62301 (Multiple HP Products Multiple Unspecified Remote Security Vulnerabilities), but has been given its own record to better document it.

Affected

  • Multiple HP products are prone to a remote code-execution vulnerability that exist in the 'UpdateDomainControllerServlet' servlet.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube