CVE-2014-7883

HP Universal CMDB Probe 9.05, 10.01, 10.11 - Exposure of Sensitive Information via HTTP TRACE Method

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-7883. PoCs published by Hans-Martin Muench.

AI-analyzed exploit summary: The exploit demonstrates an authentication bypass in HP UCMDB's JMX-Console by using the HEAD method to bypass security constraints limited to GET and POST. It creates a new user via a crafted curl command, leveraging the vulnerability to gain unauthorized access.

Description

HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by Hans-Martin Muench · text · webapps · windows
https://www.exploit-db.com/exploits/35982

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: HP Universal CMDB (UCMDB) 10.10
No auth needed
Prerequisites: Network access to the JMX-Console on port 8080
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/867593
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1031688

Scores

EPSS 0.3702
EPSS Percentile 98.3%

Details

CWE: CWE-200
Status: published
Products (3):
hp/universal_configuration_management_database 9.05
hp/universal_configuration_management_database 10.01
hp/universal_configuration_management_database 10.11
Published: Feb 15, 2015
Tracked Since: Feb 18, 2026