cbcvebase.
CVE-2009-4188
published 2009-12-03

CVE-2009-4188: HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session…

PriorityP274critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
69.49%
99.3th percentile
HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098.

Detection & IOCsextracted from sources · hover to see the quote

otherj2deployer:j2deployer
path/manager
  • Detect authentication attempts using the default credential pair j2deployer:j2deployer against the HP Operations Dashboard Tomcat manager interface
  • Monitor for file upload requests (POST) to the /manager servlet in Tomcat, especially from accounts with the manager role, as exploitation involves unrestricted file upload via this endpoint
  • Alert on remote code execution attempts leveraging the j2deployer account session against HP Operations Dashboard 2.1 on Windows
  • ·The default password 'j2deployer' for the j2deployer account must be changed immediately upon deployment; failure to do so exposes the Tomcat manager servlet to unauthenticated remote attackers
  • ·This vulnerability may overlap with CVE-2009-3098; operators should assess both CVEs when evaluating exposure
  • ·HP Operations Dashboard 2.1 for Windows is confirmed vulnerable; other versions may also be affected and should be evaluated
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.