Vulnerability Note VU#991240
Compaq web-enabled management software acts as generic proxy
Remote attackers may be able to relay connections through systems running the Compaq web-enabled management software. Attackers relaying connection in this way may be able to access restricted portions of the network or disguise their identity while attacking other systems. Many Compaq products are affected, from personal computers to commercial UNIX operating systems.
The Compaq web-enabled management software allows system management information to be accessed through a web interface. As an unintended side effect, remote attackers may be able to relay connections through systems running the vulnerable software. This is attractive to intruders because they may use this feature to hide their identity (disguised as the system running the web-enabled management software) while attacking other systems. If the vulnerable system has access to more than one network, the attacker may also be able to bypass normal firewall restrictions or access restricted networks.
Affected Compaq products include those running Microsoft Windows 9x, Windows NT, Windows 2000, NetWare, SCO Open Server, SCO UnixWare 7, RedHat 6.2, RedHat 7.0, Tru64Unix, and OpenVMS. Web-enabled management software is also supported for Compaq storage products.
A remote intruder may be able to relay TCP connections through systems running the vulnerable software.
Apply a Patch
Disable the Web-Enabled Management Software
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Compaq Computer Corporation||Affected||-||06 Apr 2001|
CVSS Metrics (Learn More)
This document was written by Cory F. Cohen.
- CVE IDs: Unknown
- Date Public: 22 Mar 2001
- Date First Published: 06 Apr 2001
- Date Last Updated: 30 Aug 2001
- Severity Metric: 9.81
- Document Revision: 7
If you have feedback, comments, or additional information about this vulnerability, please send us email.