First published: Fri Sep 13 2013(Updated: )
The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.
Credit: hp-security-alert@hp.com
Affected Software | Affected Version | How to fix |
---|---|---|
HP ProCurve Identity Driven Manager | =4.0 | |
HP ProCurve Manager | =3.20 | |
HP ProCurve Manager | =3.20 | |
HP ProCurve Manager | =4.0 | |
HP ProCurve Manager | =4.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2013-4813 is considered critical due to its ability to allow remote code execution.
To fix CVE-2013-4813, upgrade to the latest versions of HP ProCurve Manager or Identity Driven Manager as specified by HP.
CVE-2013-4813 affects HP ProCurve Manager versions 3.20 and 4.0, and Identity Driven Manager version 4.0.
Yes, CVE-2013-4813 can be exploited remotely through specially crafted HEAD requests.
CVE-2013-4813 is associated with remote command execution vulnerabilities.