Access Validation Vulnerability In Hewlett-Packard Advancestack J3210A

Reported February 8, 2002, by Tamer Sahin.

VERSION AFFECTED

·         Hewlett-Packard Advancestack J3210A Switching Hub

 

DESCRIPTION

An access validation vulnerability exists in Hewlett-Packard's (HP's) Advancestack J3210A Switching Hub that lets an unprivileged user reconfigure the device by connecting to the device's switch management URL at http://somehost/security/web_access.html.

 

VENDOR RESPONSE

 

The vendor, HP, has been notified but hasn't issued a patch.

 

CREDIT
Discovered by Tamer Sahin of Security Office

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish