
Compaq Web Management, BJs Alerts of Possible Credit Card Theft

Mar 13, 2004 8:37AM PST

Immunity Advisory: Compaq Web Management Vulnerability

Immunity, Inc. released an advisory regarding a vulnerability in Compaq Web Management (HP HTTP). "Compaq Web Management includes a number of daemons, which listen on a number of TCP ports, and also to SNMP requests. On port 2381, an SSL HTTP server runs. If the system is configured to let anonymous users browse it, a common configuration, then a bug in the validation system allows users to upload their own certificates to be trusted by the client system. This would allow that machine to be administered remotely via such mechanisms as Secure Task Execution. This is considered a critical problem, as Compaq Web Management is often installed on every machine in an enterprise."

Complete advisory is available at:

http://www.immunitysec.com/downloads/hp_http.sxw.pdf
