CVE-2014-7883
Published 2015-02-15
Priority: P3
CVSS 2.0: 5 (medium), vector AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 37.02% (98.3th percentile)
HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | universal_configuration_management_database | — | — |
| hp | universal_configuration_management_database | — | — |
| hp | universal_configuration_management_database | — | — |
Detection & IOCs (extracted from sources)
URL: `/jmx-console/HtmlAdaptor?action=invokeOpByName&name=UCMDB%3Aservice%3DAuthorization+Services&methodName=createUser&arg0=&arg1=zdi-poc&arg2=pocuser&arg3=zdi-poc&arg4=pocuser`
Command: `curl -I "http://foobar:8080/jmx-console/HtmlAdaptor?action=invokeOpByName&name=UCMDB%3Aservice%3DAuthorization+Services&methodName=createUser&arg0=&arg1=zdi-poc&arg2=pocuser&arg3=zdi-poc&arg4=pocuser"`
- Detect HTTP HEAD (and other non-GET/POST) method requests to the JMX Console path /jmx-console/HtmlAdaptor; such requests bypass access controls that are enforced only on GET and POST.
- Alert on HTTP TRACE method requests to HP UCMDB Probe endpoints, which can expose sensitive header information.
- Monitor for requests to /jmx-console/HtmlAdaptor containing 'createUser' in the query string, indicating attempted account creation via authentication bypass.
- Inspect the web.xml security constraints on the JMX Console; if only GET and POST are listed under protected methods, the application is vulnerable to method-bypass attacks.
- The vulnerability is identical in nature to CVE-2010-0738 (JBoss JMX-Console Authentication Bypass); detection logic developed for that CVE may be reusable here.
- The JMX Console is installed and exposed by default; affected versions include UCMDB 10.10 and potentially others.
References
- http://www.kb.cert.org/vuls/id/867593
- http://www.securitytracker.com/id/1031688
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04553906