Compaq Web-enabled Management Software HTTP Server Arbitrary Traffic Proxy

This script is Copyright (C) 2002-2013 Digital Defense Inc.


Synopsis :

The remote web management agent can be abused to serve as a network
proxy.

Description :

The remote Compaq Web Management Agent install can be used as an HTTP
proxy. An attacker can use this to bypass firewall rules or hide the
source of web-based attacks.

See also :

http://h18000.www1.hp.com/products/servers/management/SSRT0758.html

Solution :

Due to the information leak associated with this service, you should
disable the Compaq Management Agent or filter access to TCP ports 2301
and 280.

If this service is required, contact the vendor for a software
update.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Web Servers

Nessus Plugin ID: 10963 (DDI_Compaq_Mgmt_Proxy.nasl)

Bugtraq ID:

CVE ID: CVE-2001-0374