CVE-2009-4189
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2009-4189
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
HP Operations Manager 默认密码漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
HP Operations Manager基础架构和应用程序为公司业务流程提供支持,HP Operations Manager存在使用OvW*busr1的默认密码的ovwebusr账号的,远程攻击者远程攻击者可以使用这个默认口令和账号向Tomcat servlet容器的/manager servlet上传受限制的文件。注意:这可能与CVE-2009-3099和CVE-2009-3843交迭。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2009-4189
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2009-4189
请登录查看更多情报信息。
Same Patch Batch · n/a · 2009-12-03 · 12 CVEs total
| CVE-2009-4192 | Interspire Knowledge Manager 'file_manager.php'P参数 目录遍历漏洞 | |
| CVE-2009-4193 | Merkaartor 'merkaartor.log'临时文件信息泄露漏洞 | |
| CVE-2009-4194 | kmint21 Golden FTP Server 目录遍历漏洞 | |
| CVE-2009-1566 | Roxio Creator 图形维度分配整数溢出漏洞 | |
| CVE-2009-0895 | Novell eDirectory NDS Verb 0x1请求堆溢出漏洞 | |
| CVE-2009-1567 | Larts Photobox Uploader ActiveX控件URL解析栈溢出漏洞 | |
| CVE-2009-4186 | Apple Safari (CSS)背景URI值拒绝服务漏洞 | |
| CVE-2009-4187 | Sun Java System Portal Server Gateway构成多个跨站脚本漏洞 | |
| CVE-2009-4188 | HP Operations Dashboard默认管理账号口令漏洞 | |
| CVE-2009-4190 | Sun OpenSolaris 核心未明拒绝服务漏洞 | |
| CVE-2009-4191 | Sun Solaris和OpenSolaris 未明特权提升漏洞 |
IV. Related Vulnerabilities
V. Comments for CVE-2009-4189
No comments yet