CVE-2012-5201
Published: 2013-03-09
Priority: P278 · critical · 10 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 63.74% (99.1th percentile)
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | intelligent_management_center | <= 5.1 | — |
| hp | intelligent_management_center | — | — |
| hp | intelligent_management_center | — | — |
| hp | intelligent_management_center_for_automated_network_manager | <= 5.1 | — |
Detection & IOCs
- Detect unauthenticated HTTP POST requests to the mibFileUpload endpoint with a multipart/form-data body containing a ZIP file — this is the core exploit delivery mechanism.
- Alert on HTTP POST to /imc/webdm/mibbrowser/mibFileUpload with Content-Type multipart/form-data containing a .zip attachment — no authentication header or session cookie required by the application.
- Detect ZIP archives uploaded to the mibFileUpload endpoint whose internal file paths contain directory traversal sequences (e.g., '../../../../../../../ROOT/') targeting the Tomcat ROOT web directory.
- Alert on new .jsp files appearing under the Tomcat ROOT web directory following a POST to mibFileUpload — indicates successful path-traversal file drop and potential webshell deployment.
- Use the Server response header 'Apache-Coyote' as a fingerprint to confirm the target is the HP iMC Tomcat instance; correlate with exploit traffic to port 8080.
- A GET request to /imc/login.jsf returning HTTP 200 with body matching 'HP Intelligent Management Center' confirms a vulnerable target is being probed (exploit check phase).
- The Metasploit module targets HP iMC 5.1 E0202 on Windows 2003 SP2 specifically; the CVE affects all versions before 5.2 E0401, so detection should not be scoped only to this version.
- The JSP payload has newline characters (0x0d0a and 0x0a) stripped before embedding in the ZIP; signature-based detection of the payload content must account for this encoding transformation.
- The exploit works around an incompatible MIME boundary implementation by removing a leading CRLF before the boundary marker; MIME-parsing IDS rules must handle this non-standard formatting.
- The JSESSIONID cookie value sent with the upload request is a random 32-byte hex string and is not a valid session — the endpoint accepts the upload without authentication regardless of cookie value.
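The upload checks in the list above can be combined into one inspection routine. The following is an added example, not code from this page or from the Metasploit module; the function names and the sample request body are constructed for illustration. It carves the ZIP out of the body by signature instead of relying on MIME parsing, since the list notes the boundary formatting may be non-standard, and it assumes the archive has no trailing ZIP comment.

```python
import io
import zipfile

UPLOAD_PATH = "/imc/webdm/mibbrowser/mibFileUpload"  # endpoint named on this page

def traversal_entries(names):
    """Return archive member names that would escape the extraction directory."""
    flagged = []
    for name in names:
        parts = name.replace("\\", "/").split("/")
        absolute = name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":")
        if absolute or ".." in parts:
            flagged.append(name)
    return flagged

def carve_zip(body):
    """Find the ZIP by its signatures rather than by MIME boundaries."""
    start = body.find(b"PK\x03\x04")   # first local file header
    end = body.rfind(b"PK\x05\x06")    # end-of-central-directory record
    if start < 0 or end < start:
        return None
    return body[start:end + 22]        # 22 = EOCD length with an empty comment

def inspect_request(method, path, body):
    """Hypothetical helper: finding dict for an upload POST, else None."""
    if method.upper() != "POST" or not path.split("?")[0].endswith(UPLOAD_PATH):
        return None
    blob = carve_zip(body)
    names, malformed = [], False
    if blob is not None:
        try:
            names = zipfile.ZipFile(io.BytesIO(blob)).namelist()
        except zipfile.BadZipFile:
            malformed = True
    return {"zip": blob is not None, "malformed": malformed,
            "traversal": traversal_entries(names),
            "jsp": [n for n in names if n.lower().endswith(".jsp")]}

def constructed_sample():
    """Constructed test body: inert text stored under a traversal-style name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("../../../../../../../ROOT/sample.jsp", "constructed, inert")
        z.writestr("mibs/ok.mib", "constructed")
    # No CRLF before the first boundary, matching the formatting quirk noted above.
    head = b'--B\r\nContent-Disposition: form-data; name="f"; filename="a.zip"\r\n\r\n'
    return head + buf.getvalue() + b"\r\n--B--\r\n"

if __name__ == "__main__":
    print(inspect_request("POST", UPLOAD_PATH, constructed_sample()))
```

A non-empty `traversal` or `jsp` list on a request to this endpoint is the condition to alert on; pair it with file-integrity monitoring of the Tomcat ROOT directory for the post-upload check.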
No detection rules found.
Exploit-DB
HP Intelligent Management Center - Arbitrary File Upload (Metasploit)
exploitdb·2013-03-26
---
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# web site for more information on licensing and terms of use.
# http://metasploit.com/
##
require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  HttpFingerprint = { :pattern => [ /Apache-Coyote/ ] }

  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::FileDropper

  def initialize(info = {})
    super(update_info(info,
      'Name'        => 'HP Intelligent Management Center Arbitrary File Upload',
      'Description' => %q{
        This module exploits a code execution flaw in HP Intelligent Management Center.
        The vulnerability exists in the mibFileUpload which is accepting unauthenticated
        file uploads and handling zip contents in a insecu
Metasploit
HP Intelligent Management Center Arbitrary File Upload
metasploit
This module exploits a code execution flaw in HP Intelligent Management Center. The vulnerability exists in the mibFileUpload which is accepting unauthenticated file uploads and handling zip contents in an insecure way. Combining both weaknesses a remote attacker can accomplish arbitrary file upload. This module has been tested successfully on HP Intelligent Management Center 5.1 E0202 over Windows 2003 SP2.
No writeups or analysis indexed.
Published: 2013-03-09