CVE-2014-7883
Description
HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Hewlett-Packard (HP) UCMDB - JMX-Console Authentication Bypass
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| hp | universal_configuration_management_database | 9.05 | |
| hp | universal_configuration_management_database | 10.01 | |
| hp | universal_configuration_management_database | 10.11 | |
References
- http://www.kb.cert.org/vuls/id/867593
- http://www.securitytracker.com/id/1031688
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04553906
- http://www.kb.cert.org/vuls/id/867593
- http://www.securitytracker.com/id/1031688
- https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04553906
CWEs
CWE-200
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.