CVE-2013-4822
published 2013-10-13CVE-2013-4822: Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote…
PriorityP275critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
62.62%
99.1th percentile
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | imc_branch_intelligent_management_system_software_module | — | — |
| hp | imc_branch_intelligent_management_system_software_module | — | — |
| hp | imc_branch_intelligent_management_system_software_module | — | — |
| hp | intelligent_management_center | — | — |
| hp | intelligent_management_center | — | — |
| hp | intelligent_management_center | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect HTTP GET to /upload/upload with a 'fileName' parameter containing path traversal sequences (e.g. WEB-INF/web.xml) — this is the check/probe request used to fingerprint the vulnerable UploadServlet. ↗
- →Detect HTTP PUT to /upload/upload with a 'fileName' parameter ending in .jsp — this is the payload upload step of the exploit. ↗
- →A vulnerable server responds to the GET probe with HTTP 200, Content-Type: application/doc, and body containing 'com.h3c.imc.bims.acs.server.UploadServlet'. Use this response signature for detection. ↗
- →Target server banner contains 'Apache-Coyote'; use this in conjunction with the /upload/upload endpoint to narrow detection scope to HP iMC BIMS instances. ↗
- →After upload, the attacker executes the dropped JSP via HTTP GET to /upload/<random_alphanumeric>.jsp on port 8080. Monitor for GET requests to /upload/*.jsp as a post-exploitation indicator. ↗
- ·The exploit targets HP iMC BIMS versions 5.1 E0201 through 5.2 E0401 on Windows only; the directory traversal payload path (..\web\apps\upload\) is Windows-specific and will not apply to non-Windows deployments. ↗
- ·The module uses ARCH_JAVA payloads; the uploaded JSP payload must not contain bare CR/LF sequences or it will be corrupted by the vulnerable application. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
HP Intelligent Management Center BIms UploadServlet - Directory Traversal (Metasploit)
exploitdb·2013-10-22
CVE-2013-4822 HP Intelligent Management Center BIms UploadServlet - Directory Traversal (Metasploit)
HP Intelligent Management Center BIms UploadServlet - Directory Traversal (Metasploit)
---
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 [ /Apache-Coyote/ ] }
include Msf::Exploit::Remote::HttpClient
include Msf::Exploit::FileDropper
def initialize(info = {})
super(update_info(info,
'Name' => 'HP Intelligent Management Center BIMS UploadServlet Directory Traversal',
'Description' => %q{
This module exploits a directory traversal vulnerability on the version 5.2 of the BIMS
component from the HP Intelligent Management Center. The vulnerability exists in the
UploadServlet, allowing the user to download and upload arbitrary files. This module has
been tested suc
Metasploit
HP Intelligent Management Center BIMS UploadServlet Directory Traversal
metasploit
HP Intelligent Management Center BIMS UploadServlet Directory Traversal
HP Intelligent Management Center BIMS UploadServlet Directory Traversal
This module exploits a directory traversal vulnerability on the version 5.2 of the BIMS component from the HP Intelligent Management Center. The vulnerability exists in the UploadServlet, allowing the user to download and upload arbitrary files. This module has been tested successfully on HP Intelligent Management Center with BIMS 5.2 E0401 on Windows 2003 SP2.
No writeups or analysis indexed.
2013-10-13
Published