Vulnerability Name:

CVE-2001-0134 (CCN-5935)

Assigned:2001-01-12
Published:2001-01-12
Updated:2016-10-18
Summary:Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name.
CVSS v3 Severity:10.0 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Tue Jan 16 2001 - 09:56:06 CST
iXsecurity.20001120.compaq-authbo.a

Source: MITRE
Type: CNA
CVE-2001-0134

Source: BUGTRAQ
Type: UNKNOWN
20010116 iXsecurity.20001120.compaq-authbo.a

Source: CCN
Type: CIAC Information Bulletin L-042
Compaq Web-enabled Management Software Buffer Overflow

Source: CCN
Type: eSecurityOnline Web Site
Compaq web-enabled management software buffer overflow vulnerability

Source: CCN
Type: US-CERT VU#137024
Compaq web-enabled management software contains buffer overflow in authentication username

Source: CCN
Type: OSVDB ID: 11312
Multiple Compaq Management Software cpqlogin.htm Remote Overflow

Source: BID
Type: Patch, Vendor Advisory
2200

Source: CCN
Type: BID-2200
Compaq Web Admin Buffer Overflow Vulnerability

Source: CCN
Type: Compaq Security Advisory, Reference SSRT0705
Compaq web-enabled management software security vulnerability.

Source: COMPAQ
Type: Patch
SSRT0705

Source: XF
Type: UNKNOWN
compaq-web-management-bo(5935)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:compaq:armada_insight_manager:4.20:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:armada_insight_manager:4.20j:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:enterprise_volume_manager-command_scripter:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:enterprise_volume_manager-command_scripter:1.1:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:foundation_agents:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:foundation_agents:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:foundation_agents:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:foundation_agents:4.90:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:insight_management_agent:4.37e:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:insight_management_desktop_web_agent:3.7:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:insight_manager_lc:1.3c:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:insight_manager_lc:1.50a:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:insight_manager_xe:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:insight_manager_xe:1.21:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:intelligent_cluster_administrator:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:intelligent_cluster_administrator:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:management_agents:4.30j:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:management_agents:4.35j:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:management_agents:4.36e:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:management_agents:4.36j:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:open_san_manager:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:sanworks_resource_monitor:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:storage_allocation_reporter:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:survey_utility:2.17:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:survey_utility:2.18:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:survey_utility:2.33:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:system_healthcheck:3.0:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:digital:unix:4.0f:*:*:*:*:*:*:*
  • OR cpe:/o:digital:unix:4.0g:*:*:*:*:*:*:*
  • OR cpe:/o:digital:unix:5.0:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:compaq:system_healthcheck:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:insight_management_desktop_web_agent:3.7:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:open_san_manager:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:sanworks_resource_monitor:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:storage_allocation_reporter:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:armada_insight_manager:4.20:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:armada_insight_manager:4.20j:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:insight_manager_lc:1.50a:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:insight_manager_xe:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:insight_manager_xe:1.21:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:intelligent_cluster_administrator:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:intelligent_cluster_administrator:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:survey_utility:2.17:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:survey_utility:2.18:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:survey_utility:2.33:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:foundation_agents:4.90:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:foundation_agents:4.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:foundation_agents:2.1:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:foundation_agents:1.0:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:insight_manager_lc:1.3c:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:management_agents:4.36j:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:management_agents:4.36e:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:management_agents:4.35j:*:*:*:*:*:*:*
  • OR cpe:/a:compaq:management_agents:4.30j:*:*:*:*:*:*:*
  • OR cpe:/o:digital:unix:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:digital:unix:4.0g:*:*:*:*:*:*:*
  • OR cpe:/o:digital:unix:4.0f:*:*:*:*:*:*:*
  • AND
  • cpe:/o:compaq:tru64:4.0f:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:5.0:*:*:*:*:*:*:*
  • OR cpe:/o:compaq:tru64:4.0g:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    compaq armada insight manager 4.20
    compaq armada insight manager 4.20j
    compaq enterprise volume manager-command scripter 1.0
    compaq enterprise volume manager-command scripter 1.1
    compaq foundation agents 1.0
    compaq foundation agents 2.1
    compaq foundation agents 4.0
    compaq foundation agents 4.90
    compaq insight management agent 4.37e
    compaq insight management desktop web agent 3.7
    compaq insight manager lc 1.3c
    compaq insight manager lc 1.50a
    compaq insight manager xe 1.0
    compaq insight manager xe 1.21
    compaq intelligent cluster administrator 1.0
    compaq intelligent cluster administrator 2.1
    compaq management agents 4.30j
    compaq management agents 4.35j
    compaq management agents 4.36e
    compaq management agents 4.36j
    compaq open san manager 1.0
    compaq sanworks resource monitor 1.0
    compaq storage allocation reporter 1.0
    compaq survey utility 2.17
    compaq survey utility 2.18
    compaq survey utility 2.33
    compaq system healthcheck 3.0
    digital unix 4.0f
    digital unix 4.0g
    digital unix 5.0
    compaq system healthcheck 3.0
    compaq insight management desktop web agent 3.7
    compaq open san manager 1.0
    compaq sanworks resource monitor 1.0
    compaq storage allocation reporter 1.0
    compaq armada insight manager 4.20
    compaq armada insight manager 4.20j
    compaq insight manager lc 1.50a
    compaq insight manager xe 1.0
    compaq insight manager xe 1.21
    compaq intelligent cluster administrator 1.0
    compaq intelligent cluster administrator 2.1
    compaq survey utility 2.17
    compaq survey utility 2.18
    compaq survey utility 2.33
    compaq foundation agents 4.90
    compaq foundation agents 4.0
    compaq foundation agents 2.1
    compaq foundation agents 1.0
    compaq insight manager lc 1.3c
    compaq management agents 4.36j
    compaq management agents 4.36e
    compaq management agents 4.35j
    compaq management agents 4.30j
    digital unix 5.0
    digital unix 4.0g
    digital unix 4.0f
    compaq tru64 4.0f
    compaq tru64 5.0
    compaq tru64 4.0g