Apache Tomcat Application Manager Default Ovwebusr Password Vulnerability

2016年9月29日

Email
Facebook
Twitter
Google+
Linkedin

危険度: : 緊急

CVE識別番号: CVE-2009-4189,CVE-2009-4189

概要

HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container.

トレンドマイクロの対策

Apply associated Trend Micro DPI Rules.

対応方法

Trend Micro Deep Security DPI Rule Number: 1003854

Trend Micro Deep Security DPI Rule Name: 1003854 - Identified Login Attempt To Apache Tomcat Manager Using Default Credentials

影響を受けるソフトウェア

hp operations_manager