CVE-2009-4188
HP Operations Dashboard - RCE
Title source: llmDescription
HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3098.
Exploits (4)
exploitdb
WRITEUP
VERIFIED
by Intevydis · textremotemultiple
https://www.exploit-db.com/exploits/33211
metasploit
WORKING POC
EXCELLENT
rubypocjava
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/tomcat_mgr_upload.rb
metasploit
WORKING POC
EXCELLENT
by jduck · rubypocjava
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/tomcat_mgr_deploy.rb
Scores
EPSS
0.8783
EPSS Percentile
99.5%
Details
CWE
CWE-255
Status
published
Products (1)
hp/operations_dashboard
Published
Dec 03, 2009
Tracked Since
Feb 18, 2026