CVE-2009-3843

critical HPE
CVSS v3 Base Score
10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS Score
86.8%
Exploitation probability in 30 days
Top 1% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
Low
Confidentiality
C
Integrity
C
Availability
C
Published: November 24, 2009 (6015 days ago)
Last Modified: April 23, 2026
Vendor: HPE
Source: NVD

Description

HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.

CWE

CWE-264

Affected Products

hp operations manager

References

🔗 marc.info 🔗 secunia.com 🔗 securitytracker.com 🔗 www.osvdb.org 🔗 www.zerodayinitiative.com