CVE-2009-4189
HP Operations Manager - Remote Code Execution via Default Credentials and File Upload
Title source: llmExploitation Summary
EIP tracks 4 public exploits for CVE-2009-4189.
PoCs published by MC, jduck, including Metasploit module auxiliary/scanner/http/tomcat_mgr_login.
AI-analyzed exploit summary This Metasploit module attempts to brute-force login credentials for the Tomcat Application Manager by testing various default or weak credentials. It does not exploit a specific vulnerability but checks for weak authentication configurations referenced in multiple CVEs.
Description
HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. NOTE: this might overlap CVE-2009-3099 and CVE-2009-3843.
Exploits (4)
This Metasploit module attempts to brute-force login credentials for the Tomcat Application Manager by testing various default or weak credentials. It does not exploit a specific vulnerability but checks for weak authentication configurations referenced in multiple CVEs.
This Metasploit module exploits Apache Tomcat's Manager application to upload and execute a malicious WAR archive via authenticated access. It handles CSRF tokens, session management, and payload deployment, targeting multiple platforms (Java, Windows, Linux).
This Metasploit module exploits Apache Tomcat's Manager application to deploy a malicious WAR file containing a JSP payload, achieving remote code execution. It authenticates with provided credentials, uploads the payload via PUT request, triggers execution, and cleans up by undeploying the application.
This Metasploit module exploits Apache Tomcat's Manager application to deploy a malicious WAR archive containing a JSP payload, achieving authenticated remote code execution. It supports automatic target detection and payload execution, followed by cleanup.