Immunity Advisory: Compaq Web Management Vulnerability
Immunity, Inc. released an advisory regarding a vulnerability in Compaq Web Management (HP HTTP). "Compaq Web Management includes a number of daemons, which listen on a number of TCP ports, and also to SNMP requests. On port 2381, an SSL HTTP server runs. If the system is configured to let anonymous users browse it, a common configuration, then a bug in the validation system allows users to upload their own certificates to be trusted by the client system. This would allow that machine to be administered remotely via such mechanisms as Secure Task Execution. This is considered a cricical problem, as Compaq Web Management is often installed on every machine in an enterprise."
Complete advisory is available at:
http://www.immunitysec.com/downloads/hp_http.sxw.pdf

Chowhound
Comic Vine
GameFAQs
GameSpot
Giant Bomb
TechRepublic