HP Web-enabled Management Software HTTP Server Remote Overflow
Remote / Network Access
Denial of Service, Loss of Integrity, Loss of Availability
A remote overflow exists in the HP Web-enabled Management Software HTTP server, running any Web Based Enterprise Management Agent or Utility that resides on TCP port 2301. The server fails to validate user-supplied input, resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service condition (server crash) or potentially execute arbitrary code.
Upgrade to version 5.96 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s):
Download the patch file from HP; the file is a self-extracting executable with a filename based on the Smart Component Number. Have all the associated files listed below in a single directory on your hard drive.
From a DOS command shell, change to that drive and directory and type:
This will replace the necessary files.