CVE-2009-4188

Currently unrated

Key Information:

Vendor: HP
Status: Operations Dashboard
Vendor: CVE Published:; 3 December 2009

Summary

HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098.

References

http://www.securityfocus.com/bid/36258

vdb-entryx_refsource_BID

http://www.intevydis.com/blog/?p=87

x_refsource_MISC

EPSS Score

75% chance of being exploited in the next 30 days.

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Dec 3, 2009