HP.PCM.SNAC.GetDomainControllerServlet.Policy.Bypass
Description
This indicates an attack attempt to exploit a Security Bypass Vulnerability in HP ProCurve Manager SNAC.
The vulnerability is due to an design flaw when the vulnerable system handles a request for GetDomainControllerServlet class. A remote attacker can exploit this to bypass security checks of vulnerable system, via a crafted HTTP request.
Affected Products
HP Identity Driven Manager 4.0
HP ProCurve Manager 3.20
HP ProCurve Manager 4.0
HP ProCurve Manager Plus 3.20
HP ProCurve Manager Plus 4.0
Impact
Security Bypass: Remote attackers can bypass security checks of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
http://h20565.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?docId=emr_nac03897409
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |