ID CVE-2009-4189
Summary HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843.
References
Vulnerable Configurations
  • cpe:2.3:a:hp:operations_manager
    cpe:2.3:a:hp:operations_manager
CVSS
Base: 10.0 (as of 04-12-2009 - 10:01)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
exploit-db via4
description Apache Tomcat Manager Application Deployer Authenticated Code Execution. CVE-2009-3548,CVE-2009-3843,CVE-2009-4188,CVE-2009-4189,CVE-2010-0557,CVE-2010-4094....
id EDB-ID:16317
last seen 2016-02-01
modified 2010-12-14
published 2010-12-14
reporter metasploit
source https://www.exploit-db.com/download/16317/
title Apache Tomcat Manager Application Deployer Authenticated Code Execution
metasploit via4
  • description This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a PUT request. The manager application can also be abused using /manager/html/upload, but that method is not implemented in this module. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads.
    id MSF:EXPLOIT/MULTI/HTTP/TOMCAT_MGR_DEPLOY
    last seen 2019-02-23
    modified 2018-08-20
    published 2013-01-07
    reliability Excellent
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/tomcat_mgr_deploy.rb
    title Apache Tomcat Manager Application Deployer Authenticated Code Execution
  • description This module can be used to execute a payload on Apache Tomcat servers that have an exposed "manager" application. The payload is uploaded as a WAR archive containing a jsp application using a POST request against the /manager/html/upload component. NOTE: The compatible payload sets vary based on the selected target. For example, you must select the Windows target to use native Windows payloads.
    id MSF:EXPLOIT/MULTI/HTTP/TOMCAT_MGR_UPLOAD
    last seen 2019-03-28
    modified 2018-08-20
    published 2014-01-27
    reliability Excellent
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/tomcat_mgr_upload.rb
    title Apache Tomcat Manager Authenticated Upload Code Execution
  • description This module simply attempts to login to a Tomcat Application Manager instance using a specific user/pass.
    id MSF:AUXILIARY/SCANNER/HTTP/TOMCAT_MGR_LOGIN
    last seen 2019-01-01
    modified 2018-02-13
    published 2013-02-20
    reliability Normal
    reporter Rapid7
    source https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/tomcat_mgr_login.rb
    title Tomcat Application Manager Login Utility
packetstorm via4
data source https://packetstormsecurity.com/files/download/125021/tomcat_mgr_upload.rb.txt
id PACKETSTORM:125021
last seen 2016-12-05
published 2014-02-01
reporter rangercha
source https://packetstormsecurity.com/files/125021/Apache-Tomcat-Manager-Code-Execution.html
title Apache Tomcat Manager Code Execution
refmap via4
misc http://www.intevydis.com/blog/?p=87
Last major update 04-12-2009 - 00:00
Published 03-12-2009 - 12:30
Back to Top