Detections
Analytics
Compaq Web-enabled Management Software HTTP Server Arbitrary Traffic Proxy
high Nessus Plugin ID 10963
Synopsis
The remote web management agent can be abused to serve as a network proxy.Description
The remote Compaq Web Management Agent install can be used as an HTTP proxy. An attacker can use this to bypass firewall rules or hide the source of web-based attacks.Solution
Due to the information leak associated with this service, you should disable the Compaq Management Agent or filter access to TCP ports 2301 and 280.If this service is required, contact the vendor for a software update.
See Also
http://h18000.www1.hp.com/products/servers/management/SSRT0758.html
Plugin Details
Severity: High
ID: 10963
File Name: DDI_Compaq_Mgmt_Proxy.nasl
Version: 1.19
Type: remote
Family: Web Servers
Published: 5/22/2002
Updated: 8/22/2018
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
Required KB Items: www/compaq
Vulnerability Publication Date: 1/9/2001
Reference Information
CVE: CVE-2001-0374