Short Name |
APP:UNIVERSAL-CMDB-AXIS2-RCE |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
HP Universal CMDB Server Axis2 Default Credentials Remote Code Execution |
Release Date |
2011/07/21 |
Update Number |
1959 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known vulnerability in HP Universal CMDB Server. The vulnerability is due to an authentication weakness in the product's configuration. When the software is installed, default credentials are assigned to the Axis2 web services component. A remote attacker can leverage this vulnerability to upload a malicious web service to a target system, enabling arbitrary code execution within the security context of an Axis2 web service.
Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors, aka ZDI-CAN-2104.